CVE-2024-33377

HIGH

8.1

Description

LB-LINK BL-W1210M v2.0 was discovered to contain a clickjacking vulnerability via the Administrator login page. Attackers can cause victim users to perform arbitrary operations via interaction with crafted elements on the web page.

CVE Details

CVSS v3.1 Score8.1

SeverityHIGH

CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

Attack VectorNETWORK

ComplexityLOW

Privileges RequiredNONE

User InteractionREQUIRED

Published6/14/2024

Last Modified5/30/2025

Sourcenvd

Honeypot Sightings0

Affected Products

lb-link:bl-w1210mlb-link:bl-w1210m_firmware

Weaknesses (CWE)

CWE-1021

References

https://github.com/ShravanSinghRathore/Security-Advisory-Multiple-Vulnerabilities-in-LB-link-BL-W1210M-Router/wiki/Clickjacking-%28CVE%E2%80%902024%E2%80%9033377%29(cve@mitre.org)

https://redfoxsec.com/blog/security-advisory-multiple-vulnerabilities-in-lb-link-bl-w1210m-router/(cve@mitre.org)

https://github.com/ShravanSinghRathore/Security-Advisory-Multiple-Vulnerabilities-in-LB-link-BL-W1210M-Router/wiki/Clickjacking-%28CVE%E2%80%902024%E2%80%9033377%29(af854a3a-2127-422b-91ae-364da2661108)

https://redfoxsec.com/blog/security-advisory-multiple-vulnerabilities-in-lb-link-bl-w1210m-router/(af854a3a-2127-422b-91ae-364da2661108)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.