CRITICAL🇵🇱 Wersja polska

CVE-2024-33699

CVSS 9.9v3.1pub. 2024-10-30upd. 2024-11-21

The LevelOne WBR-6012 router's web application has a vulnerability in its firmware version R0.40e6, allowing attackers to change the administrator password and gain higher privileges without the current password.

🤖 AI Analysis
How it works

The vulnerability results from the lack of proper user identity verification during the administrator password change process in the router's web application. An attacker with only network access to the management interface can send a specially crafted password change request, bypassing current password verification (CWE-620 — Unverified Password Change). After a successful attack, the attacker obtains full administrative privileges to the device.

Impact

An attacker can gain full administrative control over the router, enabling modification of network configuration, interception of network traffic, disabling security features (firewall), or using the device as a launching point for further attacks (lateral movement) on the local network.

Mitigation & patch

Patches available from the manufacturer should be applied in accordance with the references. Until updates are applied, it is recommended to restrict access to the router's management interface only to trusted hosts and isolate the device from the public internet.

Who is affected

LevelOne WBR-6012 with firmware version R0.40e6

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
  • Level1 Wbr 6012

    HW
    Level1
    wszystkie wersje
  • Level1 Wbr 6012 Firmware

    OS
    Level1
    r0.40e6
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2024-23309CRITICAL9.0PL ✓ten sam produkt

Pominięcie uwierzytelnienia w routerze LevelOne WBR-6012 przez spoofing IP

CVE-2024-24777HIGH8.8ten sam produkt

A cross-site request forgery (CSRF) vulnerability exists in the Web Application functionality of the LevelOne ...

CVE-2024-28875HIGH8.1ten sam produkt

A security flaw involving hard-coded credentials in LevelOne WBR-6012's web services allows attackers to gain ...

CVE-2024-31151HIGH8.1ten sam produkt

A security flaw involving hard-coded credentials in LevelOne WBR-6012's web services allows attackers to gain ...

CVE-2024-33700HIGH7.5ten sam produkt

The LevelOne WBR-6012 router firmware R0.40e6 suffers from an input validation vulnerability within its FTP fu...