CVE-2024-33377

{"id": "CVE-2024-33377", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 5.2, "exploitabilityScore": 2.8}]}, "published": "2024-06-14T15:15:50.270", "references": [{"url": "https://github.com/ShravanSinghRathore/Security-Advisory-Multiple-Vulnerabilities-in-LB-link-BL-W1210M-Router/wiki/Clickjacking-%28CVE%E2%80%902024%E2%80%9033377%29", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "https://redfoxsec.com/blog/security-advisory-multiple-vulnerabilities-in-lb-link-bl-w1210m-router/", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/ShravanSinghRathore/Security-Advisory-Multiple-Vulnerabilities-in-LB-link-BL-W1210M-Router/wiki/Clickjacking-%28CVE%E2%80%902024%E2%80%9033377%29", "tags": ["Broken Link"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://redfoxsec.com/blog/security-advisory-multiple-vulnerabilities-in-lb-link-bl-w1210m-router/", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-1021"}]}], "descriptions": [{"lang": "en", "value": "LB-LINK BL-W1210M v2.0 was discovered to contain a clickjacking vulnerability via the Administrator login page. Attackers can cause victim users to perform arbitrary operations via interaction with crafted elements on the web page."}, {"lang": "es", "value": "Se descubri\u00f3 que LB-LINK BL-W1210M v2.0 contiene una vulnerabilidad de clickjacking a trav\u00e9s de la p\u00e1gina de inicio de sesi\u00f3n del administrador. Los atacantes pueden hacer que los usuarios v\u00edctimas realicen operaciones arbitrarias mediante la interacci\u00f3n con elementos manipulados en la p\u00e1gina web."}], "lastModified": "2025-05-30T14:12:07.740", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:lb-link:bl-w1210m_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AE5136A1-A57B-4FD9-99E5-CF0AF4858486"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:lb-link:bl-w1210m:2.0:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "56AD7616-0BD9-4DC2-993C-98D8031982D8"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}