CVE-2024-23309
CVE-2024-23309
9.0
CriticalPublished:
Last updated:
Source:talos-cna@cisco.com
Modified
Weakness (CWE)
CVSS Vector
v3.1- Attack Vector
- Network
- Attack Complexity
- High
- Privileges Required
- None
- User Interaction
- None
- Scope
- Changed
- Confidentiality
- High
- Integrity
- High
- Availability
- High
Description
The LevelOne WBR-6012 router with firmware R0.40e6 has an authentication bypass vulnerability in its web application due to reliance on client IP addresses for authentication. Attackers could spoof an IP address to gain unauthorized access without needing a session token.
References
talos-cna@cisco.com
https://talosintelligence.com/vulnerability_reports/TALOS-2024-1996af854a3a-2127-422b-91ae-364da2661108
https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1996