What is CVE-2024-23309?

CVE-2024-23309 is a critical-severity vulnerability in Levelone Wbr-6012, classified under Reliance on IP Address for Authentication. CVSS score: 9.0/10. Published 2024-10-30.

How severe is CVE-2024-23309?

Critical severity. CVSS v3 base score is 9.0 out of 10.

Vulnerability in Levelone Wbr-6012

CVE-2024-23309

The LevelOne WBR-6012 router with firmware R0.40e6 has an authentication bypass vulnerability in its web application due to reliance on client IP addresses for authentication. Attackers could spoof an IP address to gain unauthorized access…

EPSS: 0.001 (17.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.0 (Critical). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H.

Affected products

Levelone Wbr-6012 — versions R0.40e6

Weakness classification (CWE)

CWE-291 — Reliance on IP Address for Authentication

References

https://talosintelligence.com/vulnerability_reports/TALOS-2024-1996

Frequently asked questions

What is CVE-2024-23309?: CVE-2024-23309 is a critical-severity vulnerability in Levelone Wbr-6012, classified under Reliance on IP Address for Authentication. CVSS score: 9.0/10. Published 2024-10-30.
How severe is CVE-2024-23309?: Critical severity. CVSS v3 base score is 9.0 out of 10.