CVE-2024-33603
MEDIUMLevelOne WBR-6012 Firmware - Unauthenticated Sensitive Information Exposure via Verbose System Log Page
Title source: llmDescription
The LevelOne WBR-6012 router has an information disclosure vulnerability in its web application, which allows unauthenticated users to access a verbose system log page and obtain sensitive data, such as memory addresses and IP addresses for login attempts. This flaw could lead to session hijacking due to the device's reliance on IP address for authentication.
References (2)
Core 2
Core References
Exploit, Third Party Advisory
https://talosintelligence.com/vulnerability_reports/TALOS-2024-1985
Third Party Advisory
https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1985
Scores
CVSS v3
5.3
EPSS
0.0878
EPSS Percentile
94.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-200
Status
published
Products (1)
level1/wbr-6012_firmware
r0.40e6
Published
Oct 30, 2024
Tracked Since
Feb 18, 2026