CRITICAL🇵🇱 Wersja polska

CVE-2024-23309

CVSS 9.0v3.1pub. 2024-10-30upd. 2024-11-21

The LevelOne WBR-6012 router with firmware R0.40e6 has an authentication bypass vulnerability in its web application due to reliance on client IP addresses for authentication. Attackers could spoof an IP address to gain unauthorized access without needing a session token.

CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
  • Level1 Wbr 6012

    HW
    Level1
    wszystkie wersje
  • Level1 Wbr 6012 Firmware

    OS
    Level1
    r0.40e6
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2024-33699CRITICAL9.9PL ✓ten sam produkt

LevelOne WBR-6012: zmiana hasła admina bez uwierzytelnienia

CVE-2024-28875HIGH8.1ten sam produkt

A security flaw involving hard-coded credentials in LevelOne WBR-6012's web services allows attackers to gain ...

CVE-2024-31151HIGH8.1ten sam produkt

A security flaw involving hard-coded credentials in LevelOne WBR-6012's web services allows attackers to gain ...

CVE-2024-24777HIGH8.8ten sam produkt

A cross-site request forgery (CSRF) vulnerability exists in the Web Application functionality of the LevelOne ...

CVE-2024-33700HIGH7.5ten sam produkt

The LevelOne WBR-6012 router firmware R0.40e6 suffers from an input validation vulnerability within its FTP fu...