CVE-2024-23309
CRITICALDescription
The LevelOne WBR-6012 router with firmware R0.40e6 has an authentication bypass vulnerability in its web application due to reliance on client IP addresses for authentication. Attackers could spoof an IP address to gain unauthorized access without needing a session token.
Is your site exposed to CVE-2024-23309?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| level1 | wbr-6012_firmware |
| level1 | wbr-6012 |
References
Frequently Asked Questions
What is CVE-2024-23309? +
How severe is CVE-2024-23309? +
What products are affected by CVE-2024-23309? +
How do I check if I'm vulnerable to CVE-2024-23309? +
Related Vulnerabilities
Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to 25.2.169 and Application prior to 25.2.1518 (VA and SaaS deployments) expose …
A vulnerability was found in Uniway Router 2.0. It has been declared as critical. This vulnerability affects unknown code of …
A vulnerability has been reported to affect Network & Virtual Switch. If exploited, the vulnerability could allow local authenticated administrators …
The LevelOne WBR-6012 router's web application has a vulnerability in its firmware version R0.40e6, allowing attackers to change the administrator …
A hard-coded password vulnerability exists in the telnetd functionality of LevelOne WBR-6013 RER4_A_v3411b_2T2R_LEV_09_170623. A set of specially crafted network packets …
A cross-site request forgery (csrf) vulnerability exists in the boa CSRF protection functionality of Realtek rtl819x Jungle SDK v3.4.11. A …