exploitDog

CVE-2024-33603

Опубликовано: 30 окт. 2024

Источник: nvd

CVSS3: 5.3

EPSS Средний

Описание

The LevelOne WBR-6012 router has an information disclosure vulnerability in its web application, which allows unauthenticated users to access a verbose system log page and obtain sensitive data, such as memory addresses and IP addresses for login attempts. This flaw could lead to session hijacking due to the device's reliance on IP address for authentication.

Ссылки

https://talosintelligence.com/vulnerability_reports/TALOS-2024-1985
Exploit
Third Party Advisory
https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1985

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:level1:wbr-6012_firmware:r0.40e6:*:*:*:*:*:*:*

cpe:2.3:h:level1:wbr-6012:-:*:*:*:*:*:*:*

EPSS

Процентиль: 94%

0.12123

Средний

5.3 Medium

CVSS3

Дефекты

CWE-200

NVD-CWE-noinfo

Связанные уязвимости

GHSA-qjqh-fr2p-8mpm

CVSS3: 5.3

github

больше 1 года назад

The LevelOne WBR-6012 router has an information disclosure vulnerability in its web application, which allows unauthenticated users to access a verbose system log page and obtain sensitive data, such as memory addresses and IP addresses for login attempts. This flaw could lead to session hijacking due to the device's reliance on IP address for authentication.

EPSS

Процентиль: 94%

0.12123

Средний

5.3 Medium

CVSS3

Дефекты

CWE-200

NVD-CWE-noinfo