CVE-2024-33699
Nov. 21, 2024, 9:17 a.m.
Tags
CVSS Score
Products Impacted
Vendor | Product | Versions |
---|---|---|
level1 |
|
|
Description
The LevelOne WBR-6012 router's web application has a vulnerability in its firmware version R0.40e6, allowing attackers to change the administrator password and gain higher privileges without the current password.
Weaknesses
CWE-620
Unverified Password Change
When setting a new password for a user, the product does not require knowledge of the original password, or using another form of authentication.
CWE ID: 620Date
Published: Oct. 30, 2024, 2:15 p.m.
Last Modified: Nov. 21, 2024, 9:17 a.m.
Status : Modified
CVE has been recently published to the CVE List and has been received by the NVD.
More infoSource
talos-cna@cisco.com
CPEs
Type | Vendor | Product | Version | Update | Edition | Language | Software Edition | Target Software | Target Hardware | Other Information |
---|---|---|---|---|---|---|---|---|---|---|
o | level1 | wbr-6012_firmware | r0.40e6 | / | / | / | / | / | / | / |
h | level1 | wbr-6012 | - | / | / | / | / | / | / | / |
CVSS Data
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
Exploitability Score
Impact Score
Base Severity
CRITICALCVSS Vector String
The CVSS vector string provides an in-depth view of the vulnerability metrics.
View Vector StringCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H