CVE-2024-31151
published 2024-10-30CVE-2024-31151: A security flaw involving hard-coded credentials in LevelOne WBR-6012's web services allows attackers to gain unauthorized access during the first 30 seconds…
PriorityP261critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
0.72%
49.2th percentile
A security flaw involving hard-coded credentials in LevelOne WBR-6012's web services allows attackers to gain unauthorized access during the first 30 seconds post-boot. Other vulnerabilities can force a reboot, circumventing the initial time restriction for exploitation.The password string can be found at addresses 0x 803cdd0f and 0x803da3e6:
803cdd0f 41 72 69 65 ds "AriesSerenaCairryNativitaMegan"
73 53 65 72
65 6e 61 43
...
It is referenced by the function at 0x800b78b0 and simplified in the pseudocode below:
if (is_equal = strcmp(password,"AriesSerenaCairryNativitaMegan"){
ret = 3;}
Where 3 is the return value to user-level access (0 being fail and 1 being admin/backdoor).
While there's no legitimate functionality to change this password, once authenticated it is possible manually make a change by taking advantage of TALOS-2024-XXXXX using HTTP POST paramater "Pu" (new user password) in place of "Pa" (new admin password).
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| level1 | wbr-6012_firmware | — | — |
| levelone | wbr-6012 | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
Talos
NVIDIA shader out-of-bounds and eleven LevelOne router vulnerabilities
blogs_talos·2024-10-31·CVSS 7.8
[HIGH] NVIDIA shader out-of-bounds and eleven LevelOne router vulnerabilities
## NVIDIA shader out-of-bounds and eleven LevelOne router vulnerabilities
Cisco Talos' Vulnerability Research team recently discovered five Nvidia out-of-bounds access vulnerabilities in shader processing, as well as eleven LevelOne router vulnerabilities spanning a range of possible exploits.
For Snort coverage that can detect the exploitation of these vulnerabilities, download the latest rule sets from Snort.org , and our latest Vulnerability Advisories are always posted on Talos Intelligence’s website .
NVIDIA Graphics remote out-of-bounds execution vulnerabilities
Discovered by Piotr Bania.
NVIDIA Graphics drivers are software for NVIDIA Graphics GPU installed on the PC. They are used to communicate between the operating system and the GPU device. This software is required in most
Talos
NVIDIA shader out-of-bounds and eleven LevelOne router vulnerabilities
blogs_talos·2024-10-31·CVSS 7.8
[HIGH] NVIDIA shader out-of-bounds and eleven LevelOne router vulnerabilities
Cisco Talos' Vulnerability Research team recently discovered five Nvidia out-of-bounds access vulnerabilities in shader processing, as well as eleven LevelOne router vulnerabilities spanning a range of possible exploits.
For Snort coverage that can detect the exploitation of these vulnerabilities, download the latest rule sets from Snort.org, and our latest Vulnerability Advisories are always posted on Talos Intelligence’s website.
NVIDIA Graphics remote out-of-bounds execution vulnerabilities
Discovered by Piotr Bania.
NVIDIA Graphics drivers are software for NVIDIA Graphics GPU installed on the PC. They are used to communicate between the operating system and the GPU device. This software is required in most cases for the hardware device to function properly.
Talos discovered multip
2024-10-30
Published