CVE-2024-33373

Published: Jun 14, 2024Modified: Jun 6, 2025

6.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Exploitability: 2.8 / Impact: 3.4

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

An issue in the LB-LINK BL-W1210M v2.0 router allows attackers to bypass password complexity requirements and set single digit passwords for authentication. This vulnerability can allow attackers to access the router via a brute-force attack.

Affected (1)

Products: Lb Link: Bl W1210m Firmware

Lb Link

1 product

Bl W1210m Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lb Link Bl W1210m Firmware	All versions

Running on/with	Platform Versions
Lb Link Bl W1210m	Version 2.0

Related CWEs

CWE-639

Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

References (4)

https://github.com/ShravanSinghRathore/Security-Advisory-Multiple-Vulnerabilities-in-LB-link-BL-W1210M-Router/wiki/Password-Policy-Bypass--%7C--Inconsistent-Password-Policy-%28CVE%E2%80%902024%E2%80%9033373%29

Source: cve@mitre.org

Broken Link

https://redfoxsec.com/blog/security-advisory-multiple-vulnerabilities-in-lb-link-bl-w1210m-router/

Source: cve@mitre.org

Third Party Advisory

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

https://redfoxsec.com/blog/security-advisory-multiple-vulnerabilities-in-lb-link-bl-w1210m-router/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.