Wbr 6012 Firmware
CVE-2024-28875
HIGH
Severity by source
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from Vendor (cisco) · only source for this CVE.
CVSS VectorVendor: cisco
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
A security flaw involving hard-coded credentials in LevelOne WBR-6012's web services allows attackers to gain unauthorized access during the first 30 seconds post-boot. Other vulnerabilities can force a reboot, circumventing the initial time restriction for exploitation.The backdoor string can be found at address 0x80100910
80100910 40 6d 21 74 ds "@m!t2K1" 32 4b 31 00
It is referenced by the function located at 0x800b78b0 and is used as shown in the pseudocode below:
if ((SECOND_FROM_BOOT_TIME < 300) && (is_equal = strcmp(password,"@m!t2K1")) { return 1;}
Where 1 is the return value to admin-level access (0 being fail and 3 being user).
AnalysisAI
A security flaw involving hard-coded credentials in LevelOne WBR-6012's web services allows attackers to gain unauthorized access during the first 30 seconds post-boot. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Use of Hard-coded Credentials (CWE-798), which allows attackers to gain access using credentials embedded in source code. A security flaw involving hard-coded credentials in LevelOne WBR-6012's web services allows attackers to gain unauthorized access during the first 30 seconds post-boot. Other vulnerabilities can force a reboot, circumventing the initial time restriction for exploitation.The backdoor string can be found at address 0x80100910 80100910 40 6d 21 74 ds "@m!t2K1" 32 4b 31 00 It is referenced by the function located at 0x800b78b0 and is used as shown in the pseudocode below: if ((SECOND_FROM_BOOT_TIME < 300) && (is_equal = strcmp(password,"@m!t2K1")) { return 1;} Where 1 is the return value to admin-level access (0 being fail and 3 being user). Affected products include: Level1 Wbr-6012 Firmware.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Remove hard-coded credentials, use environment variables or secrets management, rotate exposed credentials immediately.
More in Wbr 6012 Firmware
View allThe LevelOne WBR-6012 router's web application has a vulnerability in its firmware version R0.40e6, allowing attackers t
A cross-site request forgery (CSRF) vulnerability exists in the Web Application functionality of the LevelOne WBR-6012 R
The LevelOne WBR-6012 router with firmware R0.40e6 has an authentication bypass vulnerability in its web application due
The LevelOne WBR-6012 router firmware R0.40e6 suffers from an input validation vulnerability within its FTP functionalit
A denial of service vulnerability exists in the Web Application functionality of LevelOne WBR-6012 R0.40e6. Rated high s
The LevelOne WBR-6012 router with firmware R0.40e6 is vulnerable to improper resource allocation within its web applicat
The WBR-6012 is a wireless SOHO router. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no a
A security flaw involving hard-coded credentials in LevelOne WBR-6012's web services allows attackers to gain unauthoriz
The LevelOne WBR-6012 router has an information disclosure vulnerability in its web application, which allows unauthenti
A vulnerability in the LevelOne WBR-6012 router's firmware version R0.40e6 allows sensitive information to be transmitte
The LevelOne WBR-6012 router contains a vulnerability within its web application that allows unauthenticated disclosure
Same weakness CWE-798 – Use of Hard-coded Credentials
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today