CVE-2024-31151

Summary

A security flaw involving hard-coded credentials in LevelOne WBR-6012's web services allows attackers to gain unauthorized access during the first 30 seconds post-boot. Other vulnerabilities can force a reboot, circumventing the initial time restriction for exploitation.The password string can be found at addresses 0x 803cdd0f and 0x803da3e6:

803cdd0f 41 72 69 65        ds         "AriesSerenaCairryNativitaMegan"
         73 53 65 72 
         65 6e 61 43
         ...

It is referenced by the function at 0x800b78b0 and simplified in the pseudocode below:

if (is_equal = strcmp(password,"AriesSerenaCairryNativitaMegan"){
    ret = 3;}

Where 3 is the return value to user-level access (0 being fail and 1 being admin/backdoor).

While there's no legitimate functionality to change this password, once authenticated it is possible manually make a change by taking advantage of TALOS-2024-XXXXX using HTTP POST paramater "Pu" (new user password) in place of "Pa" (new admin password).

Affected Software

VendorProductVersion RangeStatus
LevelOneWBR-6012R0.40e6affected

Weaknesses

  • CWE-798: CWE-798: Use of Hard-coded Credentials

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References