{"uuid": "ee2830aa-ea96-4bc3-9f84-6031509f40c2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-28875", "type": "published-proof-of-concept", "source": "https://t.me/cvedetector/9437", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-28875 - \"LevelOne WBR-6012 Web Services Remote Command Execution Backdoor\"\", \n  \"Content\": \"CVE ID : CVE-2024-28875 \nPublished : Oct. 30, 2024, 2:15 p.m. | 27\u00a0minutes ago \nDescription : A security flaw involving hard-coded credentials in LevelOne WBR-6012's web services allows attackers to gain unauthorized access during the first 30 seconds post-boot. Other vulnerabilities can force a reboot, circumventing the initial time restriction for exploitation.The backdoor string can be found at address 0x80100910  \n  \n    80100910 40 6d 21 74        ds         \"@m!t2K1\"  \n             32 4b 31 00  \n               \nIt is referenced by the function located at 0x800b78b0 and is used as shown in the pseudocode below:  \n  \n    if ((SECOND_FROM_BOOT_TIME < 300) &&  \n        (is_equal = strcmp(password,\"@m!t2K1\")) {  \n            return 1;}  \n              \nWhere 1 is the return value to admin-level access (0 being fail and 3 being user). \nSeverity: 8.1 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"30 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-30T15:52:13.000000Z"}