CVE-2024-33374

9.8 CRITICAL

📋 TL;DR

This vulnerability allows attackers to gain root access to the LB-LINK BL-W1210M v2.0 router via its UART/serial interface without authentication. Anyone using this specific router model is affected, as the flaw enables complete device compromise. Physical access to the router's serial port is required for exploitation.

💻 Affected Systems

Products:
  • LB-LINK BL-W1210M router
Versions: v2.0
Operating Systems: Embedded Linux firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects hardware version 2.0. Requires physical access to UART pins on router PCB.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).


Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete router takeover allowing network traffic interception, credential theft, malware deployment, and persistent backdoor installation.

🟠 Likely Case

A local attacker with physical access gains a root shell and can reconfigure the router, disable security features, or install malicious firmware.

🟢 If Mitigated

With physical security preventing access to serial port, impact is minimal as exploitation requires physical device access.

🌐 Internet-Facing: LOW - Exploitation requires physical access to router's serial interface, not network-accessible.
🏢 Internal Only: MEDIUM - Physical access needed, but insider threats or unauthorized personnel could exploit if device is accessible.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires soldering or otherwise connecting to the UART pins and using a serial terminal. Technical but straightforward for attackers with hardware skills.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not available

Vendor Advisory: Not available

Restart Required: No

Instructions:

No official patch available. Consider replacing affected hardware or implementing physical security controls.

🔧 Temporary Workarounds

Physical Security Hardening (all)

Prevent physical access to router's serial interface by securing device location and applying tamper-evident seals.

Disable UART Interface (all)

If firmware allows, disable UART/serial debugging interface through configuration.

🧯 If You Can't Patch

  • Replace affected routers with secure models from different vendors
  • Implement strict physical access controls and surveillance for router locations

🔍 How to Verify

Check if Vulnerable:

Check router label for model BL-W1210M and hardware version 2.0. Physically inspect PCB for accessible UART pins.

Check Version:

Check the physical label on the router or log in to the web interface to confirm model and version.

Verify Fix Applied:

No fix available to verify. Replacement with non-vulnerable hardware is the only verification.

📡 Detection & Monitoring

Log Indicators:

  • Serial console access logs (if enabled)
  • Unexpected configuration changes
  • New admin users

Network Indicators:

  • Unusual outbound connections from router
  • DNS or routing configuration changes

SIEM Query:

Search for router configuration changes, new admin account creation, or serial interface access events.
