CVE-2024-33603

Published Oct 30, 2024

Last updated 4 days ago

CVSS medium 5.3

Overview

Description: The LevelOne WBR-6012 router has an information disclosure vulnerability in its web application, which allows unauthenticated users to access a verbose system log page and obtain sensitive data, such as memory addresses and IP addresses for login attempts. This flaw could lead to session hijacking due to the device's reliance on IP address for authentication.
Source: talos-cna@cisco.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 5.3
Impact score: 1.4
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Severity: MEDIUM

Weaknesses

nvd@nist.gov: NVD-CWE-noinfo
talos-cna@cisco.com: CWE-200

Hype score: Not currently trending

CVE-2024-33603 The LevelOne WBR-6012 router has an information disclosure vulnerability in its web application, which allows unauthenticated users to access a verbose system log pag… https://t.co/fSm7vnYALP
@CVEnew
30 Oct 2024
326 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:level1:wbr-6012_firmware:r0.40e6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FCC94B2E-4651-4E98-90A1-CB53CC2E24CC"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:level1:wbr-6012:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "1FD255E3-0DBF-440C-AC6A-90B30DB59B34"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References