exploitDog

CVE-2024-24777

Опубликовано: 30 окт. 2024

Источник: nvd

CVSS3: 8.8

EPSS Средний

Описание

A cross-site request forgery (CSRF) vulnerability exists in the Web Application functionality of the LevelOne WBR-6012 R0.40e6. A specially crafted HTTP request can lead to unauthorized access. An attacker can stage a malicious web page to trigger this vulnerability.

Ссылки

https://talosintelligence.com/vulnerability_reports/TALOS-2024-1981
Exploit
Third Party Advisory
https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1981

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:level1:wbr-6012_firmware:r0.40e6:*:*:*:*:*:*:*

cpe:2.3:h:level1:wbr-6012:-:*:*:*:*:*:*:*

EPSS

Процентиль: 94%

0.13644

Средний

8.8 High

CVSS3

Дефекты

CWE-352

Связанные уязвимости

GHSA-jxm2-6gmh-4m8x

CVSS3: 8.8

github

больше 1 года назад

A cross-site request forgery (CSRF) vulnerability exists in the Web Application functionality of the LevelOne WBR-6012 R0.40e6. A specially crafted HTTP request can lead to unauthorized access. An attacker can stage a malicious web page to trigger this vulnerability.

EPSS

Процентиль: 94%

0.13644

Средний

8.8 High

CVSS3

Дефекты

CWE-352