5.3

CVE-2024-33603

Exploit

EPSS 12.12%
Veröffentlicht 30.10.2024 14:15:06
Zuletzt bearbeitet 21.11.2024 09:17:14
Quelle talos-cna@cisco.com
CVE-Watchlists
Login
Unerledigt
Login

The LevelOne WBR-6012 router has an information disclosure vulnerability in its web application, which allows unauthenticated users to access a verbose system log page and obtain sensitive data, such as memory addresses and IP addresses for login attempts. This flaw could lead to session hijacking due to the device's reliance on IP address for authentication.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Level1 ≫ Wbr-6012 Firmware Versionr0.40e6

Level1 ≫ Wbr-6012 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	12.12%	0.935

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
talos-cna@cisco.com	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

https://talosintelligence.com/vulnerability_reports/TALOS-2024-1985

Third Party Advisory

Exploit

https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1985

https://nvd.nist.gov/vuln/detail/CVE-2024-33603

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-33603

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-33603

EUVD