CVE-2024-31151
CVSS V2 None
CVSS V3 None
Description
A security flaw involving hard-coded credentials in LevelOne WBR-6012's web services allows attackers to gain unauthorized access during the first 30 seconds post-boot. Other vulnerabilities can force a reboot, circumventing the initial time restriction for exploitation.The password string can be found at addresses 0x 803cdd0f and 0x803da3e6:
803cdd0f 41 72 69 65 ds "AriesSerenaCairryNativitaMegan"
73 53 65 72
65 6e 61 43
...
It is referenced by the function at 0x800b78b0 and simplified in the pseudocode below:
if (is_equal = strcmp(password,"AriesSerenaCairryNativitaMegan"){
ret = 3;}
Where 3 is the return value to user-level access (0 being fail and 1 being admin/backdoor).
While there's no legitimate functionality to change this password, once authenticated it is possible manually make a change by taking advantage of TALOS-2024-XXXXX using HTTP POST paramater "Pu" (new user password) in place of "Pa" (new admin password).
Overview
- CVE ID
- CVE-2024-31151
- Assigner
- talos
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-10-30T13:35:20.113Z
- Last Modified Date
- 2024-10-30T14:03:14.932Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://talosintelligence.com/vulnerability_reports/TALOS-2024-1979 |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-31151 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31151 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-10-31 13:09:34 | Added to TrackCVE |