CVE-2024-33699

The LevelOne WBR-6012 router's web application has a vulnerability in its firmware version R0.40e6, allowing attackers to change the administrator password and gain higher privileges without the current password...

CVE-2024-33699

The CVE-2024-33699 entry concerns LevelOne WBR-6012 router firmware version R0.40e6 with a web application weakness enabling password changes without the current password. Talos reports a weak authentication vulnerability (CWE-620) where the admin password can be changed via HTTP requests, potent...

CVE-2024-33626

The LevelOne WBR-6012 router contains a vulnerability within its web application that allows unauthenticated disclosure of sensitive information, such as the WiFi WPS PIN, through a hidden page accessible by an HTTP request. Disclosure of this information could enable attackers to connect to the...

CVE-2024-33626

The LevelOne WBR-6012 router contains a vulnerability within its web application that allows unauthenticated disclosure of sensitive information, such as the WiFi WPS PIN, through a hidden page accessible by an HTTP request. Disclosure of this information could enable attackers to connect to the...

CVE-2024-33603

CVE-2024-33603 affects LevelOne WBR-6012 router. Cisco Talos (TALOS-2024-1985) documents an information-disclosure flaw in the web application: unauthenticated users can access the verbose system log page (syslog2.htm), exposing sensitive data such as memory addresses, debug messages, and login-a...

CVE-2024-33626

CVE-2024-33626 affects LevelOne WBR-6012. Cisco TALOS confirms a web application information-disclosure vulnerability that exposes the WiFi WPS PIN via a hidden page accessible over HTTP. Confirmed vulnerable version: LevelOne WBR-6012 R0.40e6. Exploitation could enable an attacker to connect to ...

CVE-2024-33603

The LevelOne WBR-6012 router has an information disclosure vulnerability in its web application, which allows unauthenticated users to access a verbose system log page and obtain sensitive data, such as memory addresses and IP addresses for login attempts. This flaw could lead to session hijackin...

CVE-2024-33603

The LevelOne WBR-6012 router has an information disclosure vulnerability in its web application, which allows unauthenticated users to access a verbose system log page and obtain sensitive data, such as memory addresses and IP addresses for login attempts. This flaw could lead to session hijackin...

CVE-2024-23309

CVE-2024-23309 affects LevelOne WBR-6012 router with firmware R0.40e6, where the web application authenticates based on the client IP rather than a session token. Talos documents a vulnerability in the web UI that allows an attacker to spoof the client IP and gain unauthorized access, bypassing a...

CVE-2024-23309

The LevelOne WBR-6012 router with firmware R0.40e6 has an authentication bypass vulnerability in its web application due to reliance on client IP addresses for authentication. Attackers could spoof an IP address to gain unauthorized access without needing a session token...

CVE-2024-23309

The LevelOne WBR-6012 router with firmware R0.40e6 has an authentication bypass vulnerability in its web application due to reliance on client IP addresses for authentication. Attackers could spoof an IP address to gain unauthorized access without needing a session token...

CVE-2024-33623

A denial of service vulnerability exists in the Web Application functionality of LevelOne WBR-6012 R0.40e6. A specially crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability...

CVE-2024-33700

The LevelOne WBR-6012 router firmware R0.40e6 suffers from an input validation vulnerability within its FTP functionality, enabling attackers to cause a denial of service through a series of malformed FTP commands. This can lead to device reboots and service disruption...

CVE-2024-33700

CVE-2024-33700 concerns the LevelOne WBR-6012 router, firmware R0.40e6, where a vulnerability in the FTP handling causes denial of service via a series of malformed, unauthenticated FTP commands. The root cause is improper input validation within the FTP functionality, allowing crafted FTP inputs...

CVE-2024-33700

The LevelOne WBR-6012 router firmware R0.40e6 suffers from an input validation vulnerability within its FTP functionality, enabling attackers to cause a denial of service through a series of malformed FTP commands. This can lead to device reboots and service disruption...

CVE-2024-33623

A denial of service vulnerability exists in the Web Application functionality of LevelOne WBR-6012 R0.40e6. A specially crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability...

CVE-2024-33623

CVE-2024-33623 affects LevelOne WBR-6012 router (R0.40e6). Talos notes an unauthenticated HTTP POST to /upg or /upg/fwug can trigger a crash/reboot due to improper handling of POST data (looping until a carriage return). The vulnerability resides in the web application, with exploitation leading ...

LevelOne WBR-6012 跨站请求伪造漏洞

The LevelOne WBR-6012 is a wireless router from LevelOne. The LevelOne WBR-6012 suffers from a cross-site request forgery vulnerability that stems from a cross-site request forgery CSRF vulnerability in a web application function...

PT-2024-25382 · Levelone · Levelone Wbr-6012

Name of the Vulnerable Software and Affected Versions: LevelOne WBR-6012 version R0.40e6 Description: A denial of service issue exists in the Web Application functionality. It can be triggered by a specially crafted HTTP request, leading to a reboot. An attacker can exploit this by sending a...

LevelOne WBR-6012 Web Application information disclosure vulnerability

Talos Vulnerability Report TALOS-2024-1986 LevelOne WBR-6012 Web Application information disclosure vulnerability October 30, 2024 CVE Number CVE-2024-33626 SUMMARY The LevelOne WBR-6012 router contains a vulnerability within its web application that allows unauthenticated disclosure of sensitive...