Skip to main content

Wbr 6012 Firmware CVE-2024-28875

HIGH
Use of Hard-coded Credentials (CWE-798)
2024-10-30 talos-cna@cisco.com
8.1
CVSS 3.1 · Vendor: cisco
Share

Severity by source

Vendor (cisco) PRIMARY
8.1 HIGH
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from Vendor (cisco) · only source for this CVE.

CVSS VectorVendor: cisco

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Oct 30, 2024 - 14:15 cve.org
HIGH 8.1

DescriptionCVE.org

A security flaw involving hard-coded credentials in LevelOne WBR-6012's web services allows attackers to gain unauthorized access during the first 30 seconds post-boot. Other vulnerabilities can force a reboot, circumventing the initial time restriction for exploitation.The backdoor string can be found at address 0x80100910

80100910 40 6d 21 74 ds "@m!t2K1" 32 4b 31 00

It is referenced by the function located at 0x800b78b0 and is used as shown in the pseudocode below:

if ((SECOND_FROM_BOOT_TIME < 300) && (is_equal = strcmp(password,"@m!t2K1")) { return 1;}

Where 1 is the return value to admin-level access (0 being fail and 3 being user).

AnalysisAI

A security flaw involving hard-coded credentials in LevelOne WBR-6012's web services allows attackers to gain unauthorized access during the first 30 seconds post-boot. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Use of Hard-coded Credentials (CWE-798), which allows attackers to gain access using credentials embedded in source code. A security flaw involving hard-coded credentials in LevelOne WBR-6012's web services allows attackers to gain unauthorized access during the first 30 seconds post-boot. Other vulnerabilities can force a reboot, circumventing the initial time restriction for exploitation.The backdoor string can be found at address 0x80100910 80100910 40 6d 21 74 ds "@m!t2K1" 32 4b 31 00 It is referenced by the function located at 0x800b78b0 and is used as shown in the pseudocode below: if ((SECOND_FROM_BOOT_TIME < 300) && (is_equal = strcmp(password,"@m!t2K1")) { return 1;} Where 1 is the return value to admin-level access (0 being fail and 3 being user). Affected products include: Level1 Wbr-6012 Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Remove hard-coded credentials, use environment variables or secrets management, rotate exposed credentials immediately.

CVE-2024-33699 HIGH POC
8.8 Oct 30

The LevelOne WBR-6012 router's web application has a vulnerability in its firmware version R0.40e6, allowing attackers t

CVE-2024-24777 HIGH POC
8.8 Oct 30

A cross-site request forgery (CSRF) vulnerability exists in the Web Application functionality of the LevelOne WBR-6012 R

CVE-2024-23309 HIGH POC
8.1 Oct 30

The LevelOne WBR-6012 router with firmware R0.40e6 has an authentication bypass vulnerability in its web application due

CVE-2024-33700 HIGH POC
7.5 Oct 30

The LevelOne WBR-6012 router firmware R0.40e6 suffers from an input validation vulnerability within its FTP functionalit

CVE-2024-33623 HIGH POC
7.5 Oct 30

A denial of service vulnerability exists in the Web Application functionality of LevelOne WBR-6012 R0.40e6. Rated high s

CVE-2024-31152 HIGH POC
7.5 Oct 30

The LevelOne WBR-6012 router with firmware R0.40e6 is vulnerable to improper resource allocation within its web applicat

CVE-2024-28052 HIGH POC
7.5 Oct 30

The WBR-6012 is a wireless SOHO router. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no a

CVE-2024-31151 CRITICAL
9.8 Oct 30

A security flaw involving hard-coded credentials in LevelOne WBR-6012's web services allows attackers to gain unauthoriz

CVE-2024-33603 MEDIUM POC
5.3 Oct 30

The LevelOne WBR-6012 router has an information disclosure vulnerability in its web application, which allows unauthenti

CVE-2024-32946 MEDIUM
5.9 Oct 30

A vulnerability in the LevelOne WBR-6012 router's firmware version R0.40e6 allows sensitive information to be transmitte

CVE-2024-33626 MEDIUM
5.3 Oct 30

The LevelOne WBR-6012 router contains a vulnerability within its web application that allows unauthenticated disclosure

Share

CVE-2024-28875 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy