CVE-2024-28875 Information

Description

A security flaw involving hard-coded credentials in LevelOne WBR-6012’s web services allows attackers to gain unauthorized access during the first 30 seconds post-boot. Other vulnerabilities can force a reboot circumventing the initial time restriction for exploitation.The backdoor string can be found at address 0x80100910

80100910 40 6d 21 74        ds         \@m!t2K1\r
         32 4b 31 00

It is referenced by the function located at 0x800b78b0 and is used as shown in the pseudocode below:

if ((SECOND_FROM_BOOT_TIME < 300) &&
    (is_equal = strcmp(password\@m!t2K1\)) 
        return 1;

Where 1 is the return value to admin-level access (0 being fail and 3 being user).

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Reference

https://talosintelligence.com/vulnerability_reports/TALOS-2024-1979

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

8.1