CVE-2024-33377

LB-LINK BL-W1210M v2.0 was discovered to contain a clickjacking vulnerability via the Administrator login page. Attackers can cause victim users to perform arbitrary operations via interaction with crafted elements on the web page.

CVSS v3 8.1 HIGH

8.1^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/ShravanSinghRathore/Security-Advisory-Multiple-Vulnerabilities-in-LB-link-BL-W1210M-Router/wiki/Clickjacking-%28CVE%E2%80%902024%E2%80%9033377%29	Broken Link
https://redfoxsec.com/blog/security-advisory-multiple-vulnerabilities-in-lb-link-bl-w1210m-router/	Exploit Third Party Advisory
https://github.com/ShravanSinghRathore/Security-Advisory-Multiple-Vulnerabilities-in-LB-link-BL-W1210M-Router/wiki/Clickjacking-%28CVE%E2%80%902024%E2%80%9033377%29	Broken Link
https://redfoxsec.com/blog/security-advisory-multiple-vulnerabilities-in-lb-link-bl-w1210m-router/	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:lb-link:bl-w1210m_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lb-link:bl-w1210m:2.0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2024-06-14 15:15

Updated : 2025-05-30 14:12

NVD link : CVE-2024-33377

Mitre link : CVE-2024-33377

CVE.ORG link : CVE-2024-33377

JSON object : View

Products Affected

lb-link

bl-w1210m_firmware
bl-w1210m

CWE

CWE-1021

Improper Restriction of Rendered UI Layers or Frames

{"id": "CVE-2024-33377", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 5.2, "exploitabilityScore": 2.8}]}, "published": "2024-06-14T15:15:50.270", "references": [{"url": "https://github.com/ShravanSinghRathore/Security-Advisory-Multiple-Vulnerabilities-in-LB-link-BL-W1210M-Router/wiki/Clickjacking-%28CVE%E2%80%902024%E2%80%9033377%29", "tags": ["Broken Link"], "source": "[email protected]"}, {"url": "https://redfoxsec.com/blog/security-advisory-multiple-vulnerabilities-in-lb-link-bl-w1210m-router/", "tags": ["Exploit", "Third Party Advisory"], "source": "[email protected]"}, {"url": "https://github.com/ShravanSinghRathore/Security-Advisory-Multiple-Vulnerabilities-in-LB-link-BL-W1210M-Router/wiki/Clickjacking-%28CVE%E2%80%902024%E2%80%9033377%29", "tags": ["Broken Link"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://redfoxsec.com/blog/security-advisory-multiple-vulnerabilities-in-lb-link-bl-w1210m-router/", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-1021"}]}], "descriptions": [{"lang": "en", "value": "LB-LINK BL-W1210M v2.0 was discovered to contain a clickjacking vulnerability via the Administrator login page. Attackers can cause victim users to perform arbitrary operations via interaction with crafted elements on the web page."}, {"lang": "es", "value": "Se descubri\u00f3 que LB-LINK BL-W1210M v2.0 contiene una vulnerabilidad de clickjacking a trav\u00e9s de la p\u00e1gina de inicio de sesi\u00f3n del administrador. Los atacantes pueden hacer que los usuarios v\u00edctimas realicen operaciones arbitrarias mediante la interacci\u00f3n con elementos manipulados en la p\u00e1gina web."}], "lastModified": "2025-05-30T14:12:07.740", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:lb-link:bl-w1210m_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AE5136A1-A57B-4FD9-99E5-CF0AF4858486"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:lb-link:bl-w1210m:2.0:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "56AD7616-0BD9-4DC2-993C-98D8031982D8"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "[email protected]"}