CVE-2024-28875
CVSS V2 None
CVSS V3 None
Description
A security flaw involving hard-coded credentials in LevelOne WBR-6012's web services allows attackers to gain unauthorized access during the first 30 seconds post-boot. Other vulnerabilities can force a reboot, circumventing the initial time restriction for exploitation.The backdoor string can be found at address 0x80100910
80100910 40 6d 21 74 ds "@m!t2K1"
32 4b 31 00
It is referenced by the function located at 0x800b78b0 and is used as shown in the pseudocode below:
if ((SECOND_FROM_BOOT_TIME < 300) &&
(is_equal = strcmp(password,"@m!t2K1")) {
return 1;}
Where 1 is the return value to admin-level access (0 being fail and 3 being user).
Overview
- CVE ID
- CVE-2024-28875
- Assigner
- talos
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-10-30T13:35:19.982Z
- Last Modified Date
- 2024-10-30T14:05:54.587Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://talosintelligence.com/vulnerability_reports/TALOS-2024-1979 |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-28875 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28875 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-10-31 13:22:11 | Added to TrackCVE |