CVE-2024-31152

5.3 MEDIUM

📋 TL;DR

The LevelOne WBR-6012 router with firmware R0.40e6 has an improper resource allocation vulnerability in its web application. Attackers can send crafted HTTP requests to cause the router to reboot, leading to network service interruptions. This affects users of this specific router model with the vulnerable firmware.

💻 Affected Systems

Products:
  • LevelOne WBR-6012 router
Versions: Firmware R0.40e6
Operating Systems: Embedded router OS
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects the specific firmware version mentioned; other versions may not be vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Repeated exploitation could cause persistent denial of service, making the router unavailable for extended periods and disrupting all network connectivity.

🟠 Likely Case

Temporary network outages from router reboots, causing service interruptions for connected devices.

🟢 If Mitigated

Minimal impact if the router is behind a firewall with restricted web interface access.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires sending crafted HTTP requests to the web interface; no authentication needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: No

Instructions:

Check the vendor website for firmware updates. If one is available, download the latest firmware and apply it through the router web interface.

🔧 Temporary Workarounds

Restrict web interface access

Limit access to router web interface to trusted IP addresses only

Disable remote management

Turn off remote management feature if not needed

🧯 If You Can't Patch

  • Replace router with supported model
  • Implement network segmentation to isolate router from untrusted networks

🔍 How to Verify

Check if Vulnerable:

Check router firmware version in web interface under System Status or similar section

Check Version:

Not applicable - check via web interface

Verify Fix Applied:

Verify firmware version is no longer R0.40e6 after update

📡 Detection & Monitoring

Log Indicators:

  • Multiple HTTP requests to router web interface followed by reboot events
  • Unusual HTTP request patterns

Network Indicators:

  • HTTP traffic to router web interface with malformed requests
  • Router becoming unresponsive

SIEM Query:

source="router_logs" AND (event="reboot" OR event="http_request") | stats count by src_ip
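
The first log indicator above (HTTP requests to the web interface followed by reboot events) can be checked by correlating the two event types in time rather than only counting them per source. The following is an added example, not part of the original advisory: the `event` and `src_ip` field names come from the SIEM query above, while the line format, the sample lines, and the `window_seconds` and `min_reboots` thresholds are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in an assumed key=value format (not real router output).
SAMPLE_LOG = """\
2024-07-01T10:00:01 event=http_request src_ip=192.0.2.10
2024-07-01T10:00:40 event=http_request src_ip=198.51.100.7
2024-07-01T10:00:41 event=http_request src_ip=198.51.100.7
2024-07-01T10:00:43 event=reboot
2024-07-01T10:05:10 event=http_request src_ip=198.51.100.7
2024-07-01T10:05:12 event=reboot
2024-07-01T11:30:00 event=http_request src_ip=192.0.2.10
2024-07-01T18:00:00 event=reboot
"""

LINE_RE = re.compile(r"^(\S+)\s+event=(\w+)(?:\s+src_ip=(\S+))?")

def parse(log_text):
    """Yield (timestamp, event, src_ip) for lines matching the assumed format."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield datetime.fromisoformat(m.group(1)), m.group(2), m.group(3)

def reboots_after_http(log_text, window_seconds=10, min_reboots=2):
    """Return {src_ip: count} for sources whose requests arrived within
    window_seconds before at least min_reboots separate reboot events."""
    window = timedelta(seconds=window_seconds)
    recent = []                  # (timestamp, src_ip) of requests since last reboot
    hits = defaultdict(int)
    for ts, event, src_ip in parse(log_text):
        if event == "http_request" and src_ip:
            recent.append((ts, src_ip))
        elif event == "reboot":
            # Count each source once per reboot, only if it was active in the window.
            for ip in {ip for t, ip in recent if ts - t <= window}:
                hits[ip] += 1
            recent.clear()       # the reboot closes this correlation window
    return {ip: n for ip, n in hits.items() if n >= min_reboots}

if __name__ == "__main__":
    for ip, n in reboots_after_http(SAMPLE_LOG).items():
        print(f"{ip}: requests preceded {n} reboots")
```

A single reboot shortly after a request is often coincidental, so the default only reports a source once the pattern repeats; tune both thresholds to the router's normal management traffic.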
