CVE-2024-23309
First published: Wed Oct 30 2024(Updated: )
The LevelOne WBR-6012 router with firmware R0.40e6 has an authentication bypass vulnerability in its web application due to reliance on client IP addresses for authentication. Attackers could spoof an IP address to gain unauthorized access without needing a session token.
Credit: talos-cna@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| Level1 WBR-6012 Firmware | =r0.40e6 | |
| Level1 WBR-6012 Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2024-23309?
CVE-2024-23309 has a high severity level due to its potential for unauthorized access to the router.
How do I fix CVE-2024-23309?
To fix CVE-2024-23309, update the LevelOne WBR-6012 router firmware to a version that addresses this vulnerability.
Who is affected by CVE-2024-23309?
Users of the LevelOne WBR-6012 router firmware R0.40e6 are affected by CVE-2024-23309.
What type of vulnerability is CVE-2024-23309?
CVE-2024-23309 is classified as an authentication bypass vulnerability.
What can attackers do with CVE-2024-23309?
Attackers can exploit CVE-2024-23309 to gain unauthorized access to the router by spoofing an IP address.
- agent/weakness
- agent/references
- agent/type
- agent/description
- agent/first-publish-date
- agent/author
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/level1
- canonical/level1 wbr-6012 firmware
- version/level1 wbr-6012 firmware/r0.40e6