CVE-2024-31151 Information
Description
A security flaw involving hard-coded credentials in LevelOne WBR-6012’s web services allows attackers to gain unauthorized access during the first 30 seconds post-boot. Other vulnerabilities can force a reboot circumventing the initial time restriction for exploitation.The password string can be found at addresses 0x 803cdd0f and 0x803da3e6:
803cdd0f 41 72 69 65 ds \AriesSerenaCairryNativitaMegan\r
73 53 65 72
65 6e 61 43
...
It is referenced by the function at 0x800b78b0 and simplified in the pseudocode below:
if (is_equal = strcmp(password\AriesSerenaCairryNativitaMegan\)
ret = 3;
Where 3 is the return value to user-level access (0 being fail and 1 being admin/backdoor).
While there’s no legitimate functionality to change this password once authenticated it is possible manually make a change by taking advantage of TALOS-2024-XXXXX using HTTP POST paramater \Pu\ (new user password) in place of \Pa\ (new admin password).
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Reference
https://talosintelligence.com/vulnerability_reports/TALOS-2024-1979
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction Required
NONE
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
HIGH
Base Severity
8.1
Share on: