144 matches found
CVE-2024-24777
A cross-site request forgery CSRF vulnerability exists in the Web Application functionality of the LevelOne WBR-6012 R0.40e6. A specially crafted HTTP request can lead to unauthorized access. An attacker can stage a malicious web page to trigger this vulnerability...
CVE-2024-23309
The LevelOne WBR-6012 router with firmware R0.40e6 has an authentication bypass vulnerability in its web application due to reliance on client IP addresses for authentication. Attackers could spoof an IP address to gain unauthorized access without needing a session token...
CVE-2024-28875
A security flaw involving hard-coded credentials in LevelOne WBR-6012's web services allows attackers to gain unauthorized access during the first 30 seconds post-boot. Other vulnerabilities can force a reboot, circumventing the initial time restriction for exploitation.The backdoor string can be...
CVE-2024-28875
A security flaw involving hard-coded credentials in LevelOne WBR-6012's web services allows attackers to gain unauthorized access during the first 30 seconds post-boot. Other vulnerabilities can force a reboot, circumventing the initial time restriction for exploitation.The backdoor string can be...
CVE-2024-31151
A security flaw involving hard-coded credentials in LevelOne WBR-6012's web services allows attackers to gain unauthorized access during the first 30 seconds post-boot. Other vulnerabilities can force a reboot, circumventing the initial time restriction for exploitation.The password string can be...
CVE-2024-31151
A security flaw involving hard-coded credentials in LevelOne WBR-6012's web services allows attackers to gain unauthorized access during the first 30 seconds post-boot. Other vulnerabilities can force a reboot, circumventing the initial time restriction for exploitation.The password string can be...
CVE-2024-31151
LevelOne WBR-6012 contains hard-coded credentials in its web services, enabling unauthenticated access within the first 30 seconds after boot and potential bypass via other vulnerabilities. TALOS confirms two backdoors: a hard-coded admin backdoor password and an undocumented user account with a ...
CVE-2024-28875
A security flaw involving hard-coded credentials in LevelOne WBR-6012's web services allows attackers to gain unauthorized access during the first 30 seconds post-boot. Other vulnerabilities can force a reboot, circumventing the initial time restriction for exploitation.The backdoor string can be...
CVE-2024-28875
CVE-2024-28875 affects LevelOne WBR-6012. Talos confirms a hard-coded admin backdoor password and an undocumented user account, allowing admin-level access within the first 30 seconds after boot via the device’s web services. The hard-coded password is “@m!t2K1” and a reboot sequence may bypass t...
CVE-2024-24777
A cross-site request forgery CSRF vulnerability exists in the Web Application functionality of the LevelOne WBR-6012 R0.40e6. A specially crafted HTTP request can lead to unauthorized access. An attacker can stage a malicious web page to trigger this vulnerability...
CVE-2024-24777
LevelOne WBR-6012 Web Application CSRF (CVE-2024-24777) vulnerability affecting the router model LevelOne WBR-6012 with firmware R0.40e6. The web application does not enforce origin checks, allowing attackers to induce unauthorized actions via a crafted HTTP request from a malicious page. Talos c...
CVE-2024-28875
A security flaw involving hard-coded credentials in LevelOne WBR-6012's web services allows attackers to gain unauthorized access during the first 30 seconds post-boot. Other vulnerabilities can force a reboot, circumventing the initial time restriction for exploitation.The backdoor string can be...
CVE-2024-24777
A cross-site request forgery CSRF vulnerability exists in the Web Application functionality of the LevelOne WBR-6012 R0.40e6. A specially crafted HTTP request can lead to unauthorized access. An attacker can stage a malicious web page to trigger this vulnerability...
CVE-2024-31152
The LevelOne WBR-6012 router with firmware R0.40e6 is vulnerable to improper resource allocation within its web application, where a series of crafted HTTP requests can cause a reboot. This could lead to network service interruptions...
CVE-2024-31152
The LevelOne WBR-6012 router with firmware R0.40e6 is vulnerable to improper resource allocation within its web application, where a series of crafted HTTP requests can cause a reboot. This could lead to network service interruptions...
CVE-2024-31152
The CVE-2024-31152 issue affects LevelOne WBR-6012 routers (firmware R0.40e6). The root cause is improper resource allocation in the router’s web application, causing a flood of crafted HTTP requests to crash/reboot the device. Specifically, a flood of valid HTTP POSTs to /cgi-bin/logi can trigge...
CVE-2024-32946
The vulnerability CVE-2024-32946 affects LevelOne WBR-6012 router firmware R0.40e6. Talos reports that Web and FTP administration traffic is transmitted in cleartext, exposing credentials and other sensitive data to network sniffing. Affected component: router firmware with HTTP/FTP services that...
CVE-2024-33699
The LevelOne WBR-6012 router's web application has a vulnerability in its firmware version R0.40e6, allowing attackers to change the administrator password and gain higher privileges without the current password...
CVE-2024-32946
A vulnerability in the LevelOne WBR-6012 router's firmware version R0.40e6 allows sensitive information to be transmitted in cleartext via Web and FTP services, exposing it to network sniffing attacks...
CVE-2024-32946
A vulnerability in the LevelOne WBR-6012 router's firmware version R0.40e6 allows sensitive information to be transmitted in cleartext via Web and FTP services, exposing it to network sniffing attacks...