A security flaw involving hard-coded credentials in LevelOne WBR-6012's web services allows attackers to gain unauthorized access during the first 30 seconds post-boot. Other vulnerabilities can force a reboot, circumventing the initial time restriction for exploitation.The backdoor string can be found at address 0x80100910
80100910 40 6d 21 74 ds "@m!t2K1"
32 4b 31 00
It is referenced by the function located at 0x800b78b0 and is used as shown in the pseudocode below:
if ((SECOND_FROM_BOOT_TIME < 300) &&
(is_equal = strcmp(password,"@m!t2K1")) {
return 1;}
Where 1 is the return value to admin-level access (0 being fail and 3 being user).
References
Link | Resource |
---|---|
https://talosintelligence.com/vulnerability_reports/TALOS-2024-1979 | Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
13 Nov 2024, 18:10
Type | Values Removed | Values Added |
---|---|---|
References | () https://talosintelligence.com/vulnerability_reports/TALOS-2024-1979 - Third Party Advisory | |
First Time |
Level1 wbr-6012 Firmware
Level1 Level1 wbr-6012 |
|
CPE | cpe:2.3:o:level1:wbr-6012_firmware:r0.40e6:*:*:*:*:*:*:* cpe:2.3:h:level1:wbr-6012:-:*:*:*:*:*:*:* |
01 Nov 2024, 12:57
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
30 Oct 2024, 14:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-10-30 14:15
Updated : 2024-11-13 18:10
NVD link : CVE-2024-28875
Mitre link : CVE-2024-28875
CVE.ORG link : CVE-2024-28875
JSON object : View
Products Affected
level1
- wbr-6012_firmware
- wbr-6012
CWE
CWE-798
Use of Hard-coded Credentials