Vulnerabilities > CVE-2024-33699 - Unverified Password Change vulnerability in Level1 Wbr-6012 Firmware R0.40E6

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

level1

CWE-620

NVD

Published: 2024-10-30

Updated: 2024-11-08

Summary

The LevelOne WBR-6012 router's web application has a vulnerability in its firmware version R0.40e6, allowing attackers to change the administrator password and gain higher privileges without the current password.

Vulnerable Configurations

Part	Description	Count
OS	Level1 Level1 WBR 6012 Firmware R0.40E6	1
Hardware	Level1 Level1 WBR 6012 -	1

Common Weakness Enumeration (CWE)

CWE-620 - Unverified Password Change

References

https://talosintelligence.com/vulnerability_reports/TALOS-2024-1984