CVE-2024-24777
In short
A weakness in the LevelOne WBR-6012 router allows attackers to trick users into performing unwanted actions through a malicious webpage. This happens because the device doesn't properly verify that requests actually come from the user.
Technical detail
The web application of the LevelOne WBR-6012 R0.40e6 is vulnerable to CSRF because it lacks proper request origin validation. The attack vector relies on social engineering to lure an authenticated user to a malicious website that crafts HTTP requests to the router, potentially leading to unauthorized configuration changes or administrative actions because CSRF tokens or SameSite protections are missing.
Summary generated and translated by AI from the official description.
A cross-site request forgery (CSRF) vulnerability exists in the Web Application functionality of the LevelOne WBR-6012 R0.40e6. A specially crafted HTTP request can lead to unauthorized access. An attacker can stage a malicious web page to trigger this vulnerability.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
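The three controls the technical detail names as missing (request origin validation, CSRF tokens, SameSite cookies), shown as a server-side gate for state-changing requests to an admin interface. This is an added example, not LevelOne firmware code; the function names, the `sid` cookie, the HMAC token scheme and the sample addresses are assumptions.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

# Assumption: GET/HEAD/OPTIONS never change device configuration.
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}
SERVER_KEY = secrets.token_bytes(32)  # hypothetical per-boot secret


def session_cookie(session_id: str) -> str:
    """Set-Cookie value; SameSite=Strict keeps the cookie off cross-site requests."""
    return f"sid={session_id}; HttpOnly; SameSite=Strict; Path=/"


def csrf_token(session_id: str, key: bytes = SERVER_KEY) -> str:
    """Token bound to the session, to be embedded in every admin form."""
    return hmac.new(key, session_id.encode(), hashlib.sha256).hexdigest()


def same_origin(headers: dict, host: str) -> bool:
    """Compare Origin (Referer as fallback) with the Host the UI is served on."""
    source = headers.get("Origin") or headers.get("Referer")
    if not source:
        return False  # fail closed when neither header is present
    return urlsplit(source).netloc.lower() == host.lower()


def allow_request(method, headers, session_id, form_token, key=SERVER_KEY):
    """Return (allowed, reason) for one request; header names assumed normalized."""
    if method.upper() in SAFE_METHODS:
        return True, "safe method"
    host = headers.get("Host", "")
    if not host or not same_origin(headers, host):
        return False, "origin mismatch"
    expected = csrf_token(session_id, key).encode()
    if not form_token or not hmac.compare_digest(expected, form_token.encode()):
        return False, "bad csrf token"
    return True, "ok"
```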
Affected products
LevelOne · WBR-6012