CVE-2024-28875

HIGH EPSS 48.2%

Published Oct 30, 20241y ago · Modified Jun 17, 20261w ago

8.1 CVSS 3.1

High

Published Oct 30, 2024 1y ago

Last Modified Jun 17, 2026 1w ago

Description

A security flaw involving hard-coded credentials in LevelOne WBR-6012's web services allows attackers to gain unauthorized access during the first 30 seconds post-boot. Other vulnerabilities can force a reboot, circumventing the initial time restriction for exploitation.The backdoor string can be found at address 0x80100910 80100910 40 6d 21 74 ds "@m!t2K1" 32 4b 31 00 It is referenced by the function located at 0x800b78b0 and is used as shown in the pseudocode below: if ((SECOND_FROM_BOOT_TIME < 300) && (is_equal = strcmp(password,"@m!t2K1")) { return 1;} Where 1 is the return value to admin-level access (0 being fail and 3 being user).

CVSS Details

Base Score

8.1

Exploitability

2.2

Impact

5.9

Vector string

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector Network

Attack Complexity High

Privileges Required None

User Interaction None

Scope Unchanged

Confidentiality High

Integrity High

Availability High

Threat Intelligence

EPSS Exploit Probability

48.2% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-798 Use of Hard-coded Credentials Authentication

Affected Products 2

Vendor	Product	Version	Range
level1	wbr-6012_firmware	r0.40e6	any
level1	wbr-6012	*	any

References 2

talosintelligence.com https://talosintelligence.com/vulnerability_reports/TALOS-2024-1979

Third Party Advisory
talosintelligence.com https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1979

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.