Talos Vulnerability Report

TALOS-2024-1983

LevelOne WBR-6012 Web and FTP cleartext transmission vulnerability

October 30, 2024
CVE Number

CVE-2024-32946

SUMMARY

A vulnerability in the LevelOne WBR-6012 router’s firmware version R0.40e6 allows sensitive information to be transmitted in cleartext via Web and FTP services, exposing it to network sniffing attacks.

CONFIRMED VULNERABLE VERSIONS

The versions below were either tested or verified to be vulnerable by Talos or confirmed to be vulnerable by the vendor.

LevelOne WBR-6012 R0.40e6

PRODUCT URLS

WBR-6012 - https://us.level1.com/products/wbr-6012

CVSSv3 SCORE

5.9 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE

CWE-319 - Cleartext Transmission of Sensitive Information

DETAILS

The WBR-6012 is a wireless SOHO router. It is a low-cost device which functions as an internet gateway for homes and small offices while aiming to be easy to configure and operate. In addition to providing a WiFi access point, the device serves as a 4-port wired router and implements a variety of common SOHO router capabilities such as port forwarding, quality-of-service, web-based administration, a DHCP server, a basic DMZ, and UPnP capabilities.

The LevelOne WBR-6012 device uses HTTP and FTP for administration and management. Neither of these protocols supports encryption, so all communications, including the transmission of credentials, are sent in cleartext. Neither service can be disabled, and there is no option to enable a more secure, encrypted alternative such as HTTPS, SSH, or SFTP.
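As an added illustration that is not part of the advisory, the detector below scans a constructed capture of HTTP and FTP management traffic and reports which usernames were sent in cleartext, without echoing the passwords themselves. The use of HTTP Basic authentication, the addresses and the credentials are assumptions for the sample, not details from the advisory.

```python
import base64
import re
from typing import List, Tuple

# Constructed sample capture, not a real WBR-6012 trace.
# Each tuple: (client, server:port, one line of TCP payload).
# The Basic header is built at runtime from a made-up credential pair.
_BASIC_HDR = "Authorization: Basic " + base64.b64encode(b"admin:Password123").decode()
SAMPLE_CAPTURE: List[Tuple[str, str, str]] = [
    ("10.0.0.5", "10.0.0.1:80", "GET /index.htm HTTP/1.1"),
    ("10.0.0.5", "10.0.0.1:80", _BASIC_HDR),
    ("10.0.0.5", "10.0.0.1:21", "USER admin"),
    ("10.0.0.1:21", "10.0.0.5", "331 Password required for admin"),
    ("10.0.0.5", "10.0.0.1:21", "PASS Password123"),
]

BASIC_RE = re.compile(r"^Authorization:\s*Basic\s+([A-Za-z0-9+/=]+)$", re.I)
FTP_USER_RE = re.compile(r"^USER\s+(\S+)$", re.I)
FTP_PASS_RE = re.compile(r"^PASS\s+\S+", re.I)


def find_cleartext_credentials(capture):
    """Return (protocol, server, username) for every credential observed in
    cleartext. Passwords are deliberately not returned; the finding is that
    one crossed the wire unencrypted, which is what CWE-319 describes."""
    findings = []
    pending_ftp_user = {}  # server -> username seen in USER, awaiting PASS
    for _client, server, line in capture:
        port = server.rsplit(":", 1)[-1]
        if port == "80":
            m = BASIC_RE.match(line)
            if m:
                try:
                    decoded = base64.b64decode(m.group(1), validate=True)
                except ValueError:
                    continue  # malformed header, not a credential
                user = decoded.decode("utf-8", "replace").split(":", 1)[0]
                findings.append(("http-basic", server, user))
        elif port == "21":
            m = FTP_USER_RE.match(line)
            if m:
                pending_ftp_user[server] = m.group(1)
            elif FTP_PASS_RE.match(line) and server in pending_ftp_user:
                # Only count a login once the password actually follows USER.
                findings.append(("ftp", server, pending_ftp_user.pop(server)))
    return findings
```

Run against a real capture, every finding is a credential that a passive listener on the same network segment could also have read, which is why the advisory notes that no encrypted alternative can be enabled.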

TIMELINE

2024-06-03 - Vendor Disclosure
2024-08-05 - Status update request from TALOS - No reply
2024-09-03 - Status update request - Impending public release notification
2024-10-23 - Vendor notification of upcoming release date
2024-10-30 - Public Release

Credit

Discovered by Patrick DeSantis of Cisco Talos.