CVE-2024-33374

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-33374
Incorrect access control in the UART/Serial interface on the LB-LINK BL-W1210M v2.0 router allows attackers to access the root terminal without authentication.

9.8 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://github.com/ShravanSinghRathore/Security-Advisory-Multiple-Vulnerabilities-in-LB-link-BL-W1210M-Router/wiki/Incorrect-Access-Control-%28CVE%E2%80%902024%E2%80%9033374%29
https://redfoxsec.com/blog/security-advisory-multiple-vulnerabilities-in-lb-link-bl-w1210m-router/
https://github.com/ShravanSinghRathore/Security-Advisory-Multiple-Vulnerabilities-in-LB-link-BL-W1210M-Router/wiki/Incorrect-Access-Control-%28CVE%E2%80%902024%E2%80%9033374%29
https://redfoxsec.com/blog/security-advisory-multiple-vulnerabilities-in-lb-link-bl-w1210m-router/
Configurations

No configuration.

History

21 Nov 2024, 09:16

Type Values Removed Values Added
References () https://github.com/ShravanSinghRathore/Security-Advisory-Multiple-Vulnerabilities-in-LB-link-BL-W1210M-Router/wiki/Incorrect-Access-Control-%28CVE%E2%80%902024%E2%80%9033374%29 - () https://github.com/ShravanSinghRathore/Security-Advisory-Multiple-Vulnerabilities-in-LB-link-BL-W1210M-Router/wiki/Incorrect-Access-Control-%28CVE%E2%80%902024%E2%80%9033374%29 -
References () https://redfoxsec.com/blog/security-advisory-multiple-vulnerabilities-in-lb-link-bl-w1210m-router/ - () https://redfoxsec.com/blog/security-advisory-multiple-vulnerabilities-in-lb-link-bl-w1210m-router/ -

03 Jul 2024, 01:57

Type Values Removed Values Added
CWE CWE-269
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 9.8

17 Jun 2024, 18:15

Type Values Removed Values Added
References
  • () https://github.com/ShravanSinghRathore/Security-Advisory-Multiple-Vulnerabilities-in-LB-link-BL-W1210M-Router/wiki/Incorrect-Access-Control-%28CVE%E2%80%902024%E2%80%9033374%29 -

17 Jun 2024, 12:42

Type Values Removed Values Added
Summary
  • (es) El control de acceso incorrecto en la interfaz UART/Serial en el enrutador LB-LINK BL-W1210M v2.0 permite a los atacantes acceder al terminal raíz sin autenticación.

14 Jun 2024, 15:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-06-14 15:15

Updated : 2024-11-21 09:16

NVD link : CVE-2024-33374

Mitre link : CVE-2024-33374

CVE.ORG link : CVE-2024-33374

JSON object : View

Products Affected

No product.

CWE
CWE-269

Improper Privilege Management