CVE-2024-33603 — MEDIUM (5.3)

Vulnerability Description

The LevelOne WBR-6012 router has an information disclosure vulnerability in its web application, which allows unauthenticated users to access a verbose system log page and obtain sensitive data, such as memory addresses and IP addresses for login attempts. This flaw could lead to session hijacking due to the device's reliance on IP address for authentication.

CVSS Score

5.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Level1	Wbr-6012 Firmware	r0.40e6
Level1	Wbr-6012	-

Related Weaknesses (CWE)

CWE-200

References

https://talosintelligence.com/vulnerability_reports/TALOS-2024-1985ExploitThird Party Advisory
https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1985

FAQ

What is CVE-2024-33603?

CVE-2024-33603 is a vulnerability with a CVSS score of 5.3 (MEDIUM). The LevelOne WBR-6012 router has an information disclosure vulnerability in its web application, which allows unauthenticated users to access a verbose system log page and obtain sensitive data, such ...

How severe is CVE-2024-33603?

CVE-2024-33603 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-33603?

Check the references section above for vendor advisories and patch information. Affected products include: Level1 Wbr-6012 Firmware, Level1 Wbr-6012.