Skip to main content

Wbr 6012 Firmware CVE-2024-31151

CRITICAL
Use of Hard-coded Credentials (CWE-798)
2024-10-30 talos-cna@cisco.com
9.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Oct 30, 2024 - 14:15 nvd
CRITICAL 9.8

DescriptionNVD

A security flaw involving hard-coded credentials in LevelOne WBR-6012's web services allows attackers to gain unauthorized access during the first 30 seconds post-boot. Other vulnerabilities can force a reboot, circumventing the initial time restriction for exploitation.The password string can be found at addresses 0x 803cdd0f and 0x803da3e6:

803cdd0f 41 72 69 65 ds "AriesSerenaCairryNativitaMegan" 73 53 65 72 65 6e 61 43 ...

It is referenced by the function at 0x800b78b0 and simplified in the pseudocode below:

if (is_equal = strcmp(password,"AriesSerenaCairryNativitaMegan"){ ret = 3;}

Where 3 is the return value to user-level access (0 being fail and 1 being admin/backdoor).

While there's no legitimate functionality to change this password, once authenticated it is possible manually make a change by taking advantage of TALOS-2024-XXXXX using HTTP POST paramater "Pu" (new user password) in place of "Pa" (new admin password).

AnalysisAI

A security flaw involving hard-coded credentials in LevelOne WBR-6012's web services allows attackers to gain unauthorized access during the first 30 seconds post-boot. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Use of Hard-coded Credentials (CWE-798), which allows attackers to gain access using credentials embedded in source code. A security flaw involving hard-coded credentials in LevelOne WBR-6012's web services allows attackers to gain unauthorized access during the first 30 seconds post-boot. Other vulnerabilities can force a reboot, circumventing the initial time restriction for exploitation.The password string can be found at addresses 0x 803cdd0f and 0x803da3e6: 803cdd0f 41 72 69 65 ds "AriesSerenaCairryNativitaMegan" 73 53 65 72 65 6e 61 43 ... It is referenced by the function at 0x800b78b0 and simplified in the pseudocode below: if (is_equal = strcmp(password,"AriesSerenaCairryNativitaMegan"){ ret = 3;} Where 3 is the return value to user-level access (0 being fail and 1 being admin/backdoor). While there's no legitimate functionality to change this password, once authenticated it is possible manually make a change by taking advantage of TALOS-2024-XXXXX using HTTP POST paramater "Pu" (new user password) in place of "Pa" (new admin password). Affected products include: Level1 Wbr-6012 Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Remove hard-coded credentials, use environment variables or secrets management, rotate exposed credentials immediately.

CVE-2024-33699 HIGH POC
8.8 Oct 30

The LevelOne WBR-6012 router's web application has a vulnerability in its firmware version R0.40e6, allowing attackers t

CVE-2024-24777 HIGH POC
8.8 Oct 30

A cross-site request forgery (CSRF) vulnerability exists in the Web Application functionality of the LevelOne WBR-6012 R

CVE-2024-23309 HIGH POC
8.1 Oct 30

The LevelOne WBR-6012 router with firmware R0.40e6 has an authentication bypass vulnerability in its web application due

CVE-2024-33700 HIGH POC
7.5 Oct 30

The LevelOne WBR-6012 router firmware R0.40e6 suffers from an input validation vulnerability within its FTP functionalit

CVE-2024-33623 HIGH POC
7.5 Oct 30

A denial of service vulnerability exists in the Web Application functionality of LevelOne WBR-6012 R0.40e6. Rated high s

CVE-2024-31152 HIGH POC
7.5 Oct 30

The LevelOne WBR-6012 router with firmware R0.40e6 is vulnerable to improper resource allocation within its web applicat

CVE-2024-28052 HIGH POC
7.5 Oct 30

The WBR-6012 is a wireless SOHO router. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no a

CVE-2024-33603 MEDIUM POC
5.3 Oct 30

The LevelOne WBR-6012 router has an information disclosure vulnerability in its web application, which allows unauthenti

CVE-2024-28875 HIGH
8.1 Oct 30

A security flaw involving hard-coded credentials in LevelOne WBR-6012's web services allows attackers to gain unauthoriz

CVE-2024-32946 MEDIUM
5.9 Oct 30

A vulnerability in the LevelOne WBR-6012 router's firmware version R0.40e6 allows sensitive information to be transmitte

CVE-2024-33626 MEDIUM
5.3 Oct 30

The LevelOne WBR-6012 router contains a vulnerability within its web application that allows unauthenticated disclosure

Share

CVE-2024-31151 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy