Search criteria
21 vulnerabilities found for vap11g_firmware by vonets
FKIE_CVE-2024-42001
Vulnerability from fkie_nvd - Published: 2024-08-12 13:38 - Updated: 2024-08-20 16:37
Severity ?
8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
An improper authentication vulnerability affecting Vonets
industrial wifi bridge relays and wifi bridge repeaters, software versions
3.3.23.6.9 and prior enables an unauthenticated remote attacker to
bypass authentication via a specially crafted direct request when
another user has an active session.
References
| URL | Tags | ||
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-08 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vonets | var1200-h_firmware | * | |
| vonets | var1200-h | - | |
| vonets | var1200-l_firmware | * | |
| vonets | var1200-l | - | |
| vonets | var600-h_firmware | * | |
| vonets | var600-h | - | |
| vonets | vap11ac_firmware | * | |
| vonets | vap11ac | - | |
| vonets | vap11g-500s_firmware | * | |
| vonets | vap11g-500s | - | |
| vonets | vbg1200_firmware | * | |
| vonets | vbg1200 | - | |
| vonets | vap11s-5g_firmware | * | |
| vonets | vap11s-5g | - | |
| vonets | vap11s_firmware | * | |
| vonets | vap11s | - | |
| vonets | var11n-300_firmware | * | |
| vonets | var11n-300 | - | |
| vonets | vap11g-300_firmware | * | |
| vonets | vap11g-300 | - | |
| vonets | vap11n-300_firmware | * | |
| vonets | vap11n-300 | - | |
| vonets | vap11g_firmware | * | |
| vonets | vap11g | - | |
| vonets | vap11g-500_firmware | * | |
| vonets | vap11g-500 | - | |
| vonets | vga-1000_firmware | * | |
| vonets | vga-1000 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:vonets:var1200-h_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "94DAF720-5399-46A2-A9AB-3831045B86D2",
"versionEndIncluding": "3.3.23.6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:vonets:var1200-h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6D2E3C6A-6CC6-4954-B06C-3F023C964426",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:vonets:var1200-l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "273874D4-43E0-44D4-AB4E-D66DE1F1B824",
"versionEndIncluding": "3.3.23.6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:vonets:var1200-l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2C4B65A1-D625-4712-8311-685CA0A6438B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:vonets:var600-h_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ADCC4730-7801-485C-994F-DB7B942AA9F4",
"versionEndIncluding": "3.3.23.6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:vonets:var600-h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB22B21B-526A-4119-9278-E84138D523E4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:vonets:vap11ac_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C007C620-CAF2-436E-AAA9-C012CEFCEA3B",
"versionEndIncluding": "3.3.23.6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:vonets:vap11ac:-:*:*:*:*:*:*:*",
"matchCriteriaId": "21B9AA55-A333-4D10-A9D8-19558465F56E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:vonets:vap11g-500s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FDC4DF91-B718-4CFE-BEE7-4E9CFF121C01",
"versionEndIncluding": "3.3.23.6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:vonets:vap11g-500s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C9EC2642-6A5B-4DA8-A675-B9F3CAD9B35E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:vonets:vbg1200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5BFA8106-50EE-428D-9297-930CE9CC99C1",
"versionEndIncluding": "3.3.23.6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:vonets:vbg1200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AE4D6B12-50A8-4314-AEDA-E3C669F772C9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:vonets:vap11s-5g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D95A2EE8-B22F-4671-8DF8-3757A335B006",
"versionEndIncluding": "3.3.23.6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:vonets:vap11s-5g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "66E94FE6-235A-46F0-81B0-DFF88C454BB1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:vonets:vap11s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "060B7C85-806D-45B3-8268-10AC5E475171",
"versionEndIncluding": "3.3.23.6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:vonets:vap11s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C434D025-8361-4C2D-AC7D-4E4A44237C27",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:vonets:var11n-300_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3DFA50C3-2B3E-4755-98FB-63CED2CA7B8F",
"versionEndIncluding": "3.3.23.6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:vonets:var11n-300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "95D5A3C0-8303-4E77-9DE1-75FD9DAED295",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:vonets:vap11g-300_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "42E71F95-814C-4EDA-8647-B03CA6AAFDEB",
"versionEndIncluding": "3.3.23.6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:vonets:vap11g-300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B23375E-0E77-4423-AEDA-9A9F26052834",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:vonets:vap11n-300_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7018E246-D211-4366-8664-90B00E68AA74",
"versionEndIncluding": "3.3.23.6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:vonets:vap11n-300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ADE0116E-37B8-4E0A-8874-A59989712743",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:vonets:vap11g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C9C1B20A-8F03-4C6E-8715-B68DBBBAFB97",
"versionEndIncluding": "3.3.23.6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:vonets:vap11g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F510F0DC-C170-45A3-989B-2FA8791B4FC1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:vonets:vap11g-500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "52909496-4BEB-43DB-80E3-F710BCA0CAA5",
"versionEndIncluding": "3.3.23.6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:vonets:vap11g-500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B61E3489-034E-4DD2-8699-477647462CF7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:vonets:vga-1000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1FAF11BE-F3F4-4D40-9156-DDB2FFBF9470",
"versionEndIncluding": "3.3.23.6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:vonets:vga-1000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DA90833B-D40E-42F0-8ECF-86C90E4511C4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An improper authentication vulnerability affecting Vonets\n\n\n\n\n\n \n\n industrial wifi bridge relays and wifi bridge repeaters, software versions \n3.3.23.6.9 and prior enables an unauthenticated remote attacker to \nbypass authentication via a specially crafted direct request when \nanother user has an active session."
},
{
"lang": "es",
"value": "Una vulnerabilidad de autenticaci\u00f3n inadecuada que afecta a los rel\u00e9s de puente wifi industriales y a los repetidores de puente wifi de Vonets, versiones de software 3.3.23.6.9 y anteriores, permite a un atacante remoto no autenticado evitar la autenticaci\u00f3n a trav\u00e9s de una solicitud directa especialmente manipulada cuando otro usuario tiene una sesi\u00f3n activa."
}
],
"id": "CVE-2024-42001",
"lastModified": "2024-08-20T16:37:05.447",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.7,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
}
]
},
"published": "2024-08-12T13:38:32.140",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-08"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-425"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-41936
Vulnerability from fkie_nvd - Published: 2024-08-12 13:38 - Updated: 2024-08-20 16:26
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
A directory traversal vulnerability affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9
and prior, enables an unauthenticated remote attacker to read arbitrary
files and bypass authentication.
References
| URL | Tags | ||
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-08 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vonets | var1200-h_firmware | * | |
| vonets | var1200-h | - | |
| vonets | var1200-l_firmware | * | |
| vonets | var1200-l | - | |
| vonets | var600-h_firmware | * | |
| vonets | var600-h | - | |
| vonets | vap11ac_firmware | * | |
| vonets | vap11ac | - | |
| vonets | vap11g-500s_firmware | * | |
| vonets | vap11g-500s | - | |
| vonets | vbg1200_firmware | * | |
| vonets | vbg1200 | - | |
| vonets | vap11s-5g_firmware | * | |
| vonets | vap11s-5g | - | |
| vonets | vap11s_firmware | * | |
| vonets | vap11s | - | |
| vonets | var11n-300_firmware | * | |
| vonets | var11n-300 | - | |
| vonets | vap11g-300_firmware | * | |
| vonets | vap11g-300 | - | |
| vonets | vap11n-300_firmware | * | |
| vonets | vap11n-300 | - | |
| vonets | vap11g_firmware | * | |
| vonets | vap11g | - | |
| vonets | vap11g-500_firmware | * | |
| vonets | vap11g-500 | - | |
| vonets | vga-1000_firmware | * | |
| vonets | vga-1000 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:vonets:var1200-h_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "94DAF720-5399-46A2-A9AB-3831045B86D2",
"versionEndIncluding": "3.3.23.6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:vonets:var1200-h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6D2E3C6A-6CC6-4954-B06C-3F023C964426",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:vonets:var1200-l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "273874D4-43E0-44D4-AB4E-D66DE1F1B824",
"versionEndIncluding": "3.3.23.6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:vonets:var1200-l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2C4B65A1-D625-4712-8311-685CA0A6438B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:vonets:var600-h_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ADCC4730-7801-485C-994F-DB7B942AA9F4",
"versionEndIncluding": "3.3.23.6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:vonets:var600-h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB22B21B-526A-4119-9278-E84138D523E4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:vonets:vap11ac_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C007C620-CAF2-436E-AAA9-C012CEFCEA3B",
"versionEndIncluding": "3.3.23.6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:vonets:vap11ac:-:*:*:*:*:*:*:*",
"matchCriteriaId": "21B9AA55-A333-4D10-A9D8-19558465F56E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:vonets:vap11g-500s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FDC4DF91-B718-4CFE-BEE7-4E9CFF121C01",
"versionEndIncluding": "3.3.23.6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:vonets:vap11g-500s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C9EC2642-6A5B-4DA8-A675-B9F3CAD9B35E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:vonets:vbg1200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5BFA8106-50EE-428D-9297-930CE9CC99C1",
"versionEndIncluding": "3.3.23.6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:vonets:vbg1200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AE4D6B12-50A8-4314-AEDA-E3C669F772C9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:vonets:vap11s-5g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D95A2EE8-B22F-4671-8DF8-3757A335B006",
"versionEndIncluding": "3.3.23.6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:vonets:vap11s-5g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "66E94FE6-235A-46F0-81B0-DFF88C454BB1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:vonets:vap11s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "060B7C85-806D-45B3-8268-10AC5E475171",
"versionEndIncluding": "3.3.23.6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:vonets:vap11s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C434D025-8361-4C2D-AC7D-4E4A44237C27",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:vonets:var11n-300_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3DFA50C3-2B3E-4755-98FB-63CED2CA7B8F",
"versionEndIncluding": "3.3.23.6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:vonets:var11n-300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "95D5A3C0-8303-4E77-9DE1-75FD9DAED295",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:vonets:vap11g-300_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "42E71F95-814C-4EDA-8647-B03CA6AAFDEB",
"versionEndIncluding": "3.3.23.6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:vonets:vap11g-300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B23375E-0E77-4423-AEDA-9A9F26052834",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:vonets:vap11n-300_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7018E246-D211-4366-8664-90B00E68AA74",
"versionEndIncluding": "3.3.23.6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:vonets:vap11n-300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ADE0116E-37B8-4E0A-8874-A59989712743",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:vonets:vap11g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C9C1B20A-8F03-4C6E-8715-B68DBBBAFB97",
"versionEndIncluding": "3.3.23.6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:vonets:vap11g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F510F0DC-C170-45A3-989B-2FA8791B4FC1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:vonets:vap11g-500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "52909496-4BEB-43DB-80E3-F710BCA0CAA5",
"versionEndIncluding": "3.3.23.6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:vonets:vap11g-500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B61E3489-034E-4DD2-8699-477647462CF7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:vonets:vga-1000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1FAF11BE-F3F4-4D40-9156-DDB2FFBF9470",
"versionEndIncluding": "3.3.23.6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:vonets:vga-1000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DA90833B-D40E-42F0-8ECF-86C90E4511C4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A directory traversal vulnerability affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 \nand prior, enables an unauthenticated remote attacker to read arbitrary \nfiles and bypass authentication."
},
{
"lang": "es",
"value": "Una vulnerabilidad de directory traversal que afecta a los rel\u00e9s de puente wifi industriales y a los repetidores de puente wifi de Vonets, versiones de software 3.3.23.6.9 y anteriores, permite a un atacante remoto no autenticado leer archivos arbitrarios y eludir la autenticaci\u00f3n."
}
],
"id": "CVE-2024-41936",
"lastModified": "2024-08-20T16:26:54.663",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
}
]
},
"published": "2024-08-12T13:38:31.850",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-08"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-39815
Vulnerability from fkie_nvd - Published: 2024-08-12 13:38 - Updated: 2024-08-20 17:14
Severity ?
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Improper check or handling of exceptional conditions vulnerability
affecting Vonets
industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior, enable an unauthenticated
remote attacker to cause a denial of service. A specially-crafted
HTTP request to pre-authentication resources can crash the service.
References
| URL | Tags | ||
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-08 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vonets | var1200-h_firmware | * | |
| vonets | var1200-h | - | |
| vonets | var1200-l_firmware | * | |
| vonets | var1200-l | - | |
| vonets | var600-h_firmware | * | |
| vonets | var600-h | - | |
| vonets | vap11ac_firmware | * | |
| vonets | vap11ac | - | |
| vonets | vap11g-500s_firmware | * | |
| vonets | vap11g-500s | - | |
| vonets | vbg1200_firmware | * | |
| vonets | vbg1200 | - | |
| vonets | vap11s-5g_firmware | * | |
| vonets | vap11s-5g | - | |
| vonets | vap11s_firmware | * | |
| vonets | vap11s | - | |
| vonets | var11n-300_firmware | * | |
| vonets | var11n-300 | - | |
| vonets | vap11g-300_firmware | * | |
| vonets | vap11g-300 | - | |
| vonets | vap11n-300_firmware | * | |
| vonets | vap11n-300 | - | |
| vonets | vap11g_firmware | * | |
| vonets | vap11g | - | |
| vonets | vap11g-500_firmware | * | |
| vonets | vap11g-500 | - | |
| vonets | vga-1000_firmware | * | |
| vonets | vga-1000 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:vonets:var1200-h_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "94DAF720-5399-46A2-A9AB-3831045B86D2",
"versionEndIncluding": "3.3.23.6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:vonets:var1200-h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6D2E3C6A-6CC6-4954-B06C-3F023C964426",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:vonets:var1200-l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "273874D4-43E0-44D4-AB4E-D66DE1F1B824",
"versionEndIncluding": "3.3.23.6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:vonets:var1200-l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2C4B65A1-D625-4712-8311-685CA0A6438B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:vonets:var600-h_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ADCC4730-7801-485C-994F-DB7B942AA9F4",
"versionEndIncluding": "3.3.23.6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:vonets:var600-h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB22B21B-526A-4119-9278-E84138D523E4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:vonets:vap11ac_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C007C620-CAF2-436E-AAA9-C012CEFCEA3B",
"versionEndIncluding": "3.3.23.6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:vonets:vap11ac:-:*:*:*:*:*:*:*",
"matchCriteriaId": "21B9AA55-A333-4D10-A9D8-19558465F56E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:vonets:vap11g-500s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FDC4DF91-B718-4CFE-BEE7-4E9CFF121C01",
"versionEndIncluding": "3.3.23.6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:vonets:vap11g-500s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C9EC2642-6A5B-4DA8-A675-B9F3CAD9B35E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:vonets:vbg1200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5BFA8106-50EE-428D-9297-930CE9CC99C1",
"versionEndIncluding": "3.3.23.6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:vonets:vbg1200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AE4D6B12-50A8-4314-AEDA-E3C669F772C9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:vonets:vap11s-5g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D95A2EE8-B22F-4671-8DF8-3757A335B006",
"versionEndIncluding": "3.3.23.6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:vonets:vap11s-5g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "66E94FE6-235A-46F0-81B0-DFF88C454BB1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:vonets:vap11s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "060B7C85-806D-45B3-8268-10AC5E475171",
"versionEndIncluding": "3.3.23.6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:vonets:vap11s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C434D025-8361-4C2D-AC7D-4E4A44237C27",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:vonets:var11n-300_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3DFA50C3-2B3E-4755-98FB-63CED2CA7B8F",
"versionEndIncluding": "3.3.23.6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:vonets:var11n-300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "95D5A3C0-8303-4E77-9DE1-75FD9DAED295",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:vonets:vap11g-300_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "42E71F95-814C-4EDA-8647-B03CA6AAFDEB",
"versionEndIncluding": "3.3.23.6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:vonets:vap11g-300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B23375E-0E77-4423-AEDA-9A9F26052834",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:vonets:vap11n-300_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7018E246-D211-4366-8664-90B00E68AA74",
"versionEndIncluding": "3.3.23.6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:vonets:vap11n-300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ADE0116E-37B8-4E0A-8874-A59989712743",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:vonets:vap11g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C9C1B20A-8F03-4C6E-8715-B68DBBBAFB97",
"versionEndIncluding": "3.3.23.6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:vonets:vap11g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F510F0DC-C170-45A3-989B-2FA8791B4FC1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:vonets:vap11g-500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "52909496-4BEB-43DB-80E3-F710BCA0CAA5",
"versionEndIncluding": "3.3.23.6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:vonets:vap11g-500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B61E3489-034E-4DD2-8699-477647462CF7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:vonets:vga-1000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1FAF11BE-F3F4-4D40-9156-DDB2FFBF9470",
"versionEndIncluding": "3.3.23.6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:vonets:vga-1000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DA90833B-D40E-42F0-8ECF-86C90E4511C4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper check or handling of exceptional conditions vulnerability \naffecting Vonets\n\n \n\n industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior, enable an unauthenticated \nremote attacker to cause a denial of service. A specially-crafted \nHTTP request to pre-authentication resources can crash the service."
},
{
"lang": "es",
"value": "La verificaci\u00f3n o el manejo inadecuados de la vulnerabilidad de condiciones excepcionales que afectan a los rel\u00e9s de puente wifi industriales y a los repetidores de puente wifi de Vonets, versiones de software 3.3.23.6.9 y anteriores, permiten que un atacante remoto no autenticado provoque una denegaci\u00f3n de servicio. Una solicitud HTTP especialmente manipulada para recursos de autenticaci\u00f3n previa puede bloquear el servicio."
}
],
"id": "CVE-2024-39815",
"lastModified": "2024-08-20T17:14:18.587",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
}
]
},
"published": "2024-08-12T13:38:25.150",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-08"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-703"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2024-39791
Vulnerability from fkie_nvd - Published: 2024-08-12 13:38 - Updated: 2024-08-20 17:15
Severity ?
10.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Stack-based buffer overflow vulnerabilities affecting Vonets
industrial wifi bridge relays and wifi bridge repeaters, software versions
3.3.23.6.9 and prior, enable an unauthenticated remote attacker to
execute arbitrary code.
References
| URL | Tags | ||
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-08 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vonets | var1200-h_firmware | * | |
| vonets | var1200-h | - | |
| vonets | var1200-l_firmware | * | |
| vonets | var1200-l | - | |
| vonets | var600-h_firmware | * | |
| vonets | var600-h | - | |
| vonets | vap11ac_firmware | * | |
| vonets | vap11ac | - | |
| vonets | vap11g-500s_firmware | * | |
| vonets | vap11g-500s | - | |
| vonets | vbg1200_firmware | * | |
| vonets | vbg1200 | - | |
| vonets | vap11s-5g_firmware | * | |
| vonets | vap11s-5g | - | |
| vonets | vap11s_firmware | * | |
| vonets | vap11s | - | |
| vonets | var11n-300_firmware | * | |
| vonets | var11n-300 | - | |
| vonets | vap11g-300_firmware | * | |
| vonets | vap11g-300 | - | |
| vonets | vap11n-300_firmware | * | |
| vonets | vap11n-300 | - | |
| vonets | vap11g_firmware | * | |
| vonets | vap11g | - | |
| vonets | vap11g-500_firmware | * | |
| vonets | vap11g-500 | - | |
| vonets | vga-1000_firmware | * | |
| vonets | vga-1000 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:vonets:var1200-h_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "94DAF720-5399-46A2-A9AB-3831045B86D2",
"versionEndIncluding": "3.3.23.6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:vonets:var1200-h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6D2E3C6A-6CC6-4954-B06C-3F023C964426",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:vonets:var1200-l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "273874D4-43E0-44D4-AB4E-D66DE1F1B824",
"versionEndIncluding": "3.3.23.6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:vonets:var1200-l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2C4B65A1-D625-4712-8311-685CA0A6438B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:vonets:var600-h_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ADCC4730-7801-485C-994F-DB7B942AA9F4",
"versionEndIncluding": "3.3.23.6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:vonets:var600-h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB22B21B-526A-4119-9278-E84138D523E4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:vonets:vap11ac_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C007C620-CAF2-436E-AAA9-C012CEFCEA3B",
"versionEndIncluding": "3.3.23.6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:vonets:vap11ac:-:*:*:*:*:*:*:*",
"matchCriteriaId": "21B9AA55-A333-4D10-A9D8-19558465F56E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:vonets:vap11g-500s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FDC4DF91-B718-4CFE-BEE7-4E9CFF121C01",
"versionEndIncluding": "3.3.23.6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:vonets:vap11g-500s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C9EC2642-6A5B-4DA8-A675-B9F3CAD9B35E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:vonets:vbg1200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5BFA8106-50EE-428D-9297-930CE9CC99C1",
"versionEndIncluding": "3.3.23.6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:vonets:vbg1200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AE4D6B12-50A8-4314-AEDA-E3C669F772C9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:vonets:vap11s-5g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D95A2EE8-B22F-4671-8DF8-3757A335B006",
"versionEndIncluding": "3.3.23.6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:vonets:vap11s-5g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "66E94FE6-235A-46F0-81B0-DFF88C454BB1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:vonets:vap11s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "060B7C85-806D-45B3-8268-10AC5E475171",
"versionEndIncluding": "3.3.23.6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:vonets:vap11s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C434D025-8361-4C2D-AC7D-4E4A44237C27",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:vonets:var11n-300_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3DFA50C3-2B3E-4755-98FB-63CED2CA7B8F",
"versionEndIncluding": "3.3.23.6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:vonets:var11n-300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "95D5A3C0-8303-4E77-9DE1-75FD9DAED295",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:vonets:vap11g-300_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "42E71F95-814C-4EDA-8647-B03CA6AAFDEB",
"versionEndIncluding": "3.3.23.6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:vonets:vap11g-300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B23375E-0E77-4423-AEDA-9A9F26052834",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:vonets:vap11n-300_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7018E246-D211-4366-8664-90B00E68AA74",
"versionEndIncluding": "3.3.23.6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:vonets:vap11n-300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ADE0116E-37B8-4E0A-8874-A59989712743",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:vonets:vap11g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C9C1B20A-8F03-4C6E-8715-B68DBBBAFB97",
"versionEndIncluding": "3.3.23.6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:vonets:vap11g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F510F0DC-C170-45A3-989B-2FA8791B4FC1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:vonets:vap11g-500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "52909496-4BEB-43DB-80E3-F710BCA0CAA5",
"versionEndIncluding": "3.3.23.6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:vonets:vap11g-500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B61E3489-034E-4DD2-8699-477647462CF7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:vonets:vga-1000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1FAF11BE-F3F4-4D40-9156-DDB2FFBF9470",
"versionEndIncluding": "3.3.23.6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:vonets:vga-1000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DA90833B-D40E-42F0-8ECF-86C90E4511C4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow vulnerabilities affecting Vonets\n\n\n\n \n\n industrial wifi bridge relays and wifi bridge repeaters, software versions \n3.3.23.6.9 and prior, enable an unauthenticated remote attacker to \nexecute arbitrary code."
},
{
"lang": "es",
"value": "Vulnerabilidades de desbordamiento de b\u00fafer basadas en pila que afectan a los rel\u00e9s de puente wifi industriales y a los repetidores de puente wifi de Vonets, versiones de software 3.3.23.6.9 y anteriores, permiten que un atacante remoto no autenticado ejecute c\u00f3digo arbitrario."
}
],
"id": "CVE-2024-39791",
"lastModified": "2024-08-20T17:15:56.067",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 6.0,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
}
]
},
"published": "2024-08-12T13:38:24.857",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-08"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-121"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2024-37023
Vulnerability from fkie_nvd - Published: 2024-08-12 13:38 - Updated: 2024-08-20 17:12
Severity ?
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
9.9 (Critical) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
9.9 (Critical) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Summary
Multiple OS command injection vulnerabilities affecting Vonets
industrial wifi bridge relays and wifi bridge repeaters, software
versions 3.3.23.6.9 and prior, enable an authenticated remote attacker
to execute arbitrary OS commands via various endpoint parameters.
References
| URL | Tags | ||
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-08 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vonets | var1200-h_firmware | * | |
| vonets | var1200-h | - | |
| vonets | var1200-l_firmware | * | |
| vonets | var1200-l | - | |
| vonets | var600-h_firmware | * | |
| vonets | var600-h | - | |
| vonets | vap11ac_firmware | * | |
| vonets | vap11ac | - | |
| vonets | vap11g-500s_firmware | * | |
| vonets | vap11g-500s | - | |
| vonets | vbg1200_firmware | * | |
| vonets | vbg1200 | - | |
| vonets | vap11s-5g_firmware | * | |
| vonets | vap11s-5g | - | |
| vonets | vap11s_firmware | * | |
| vonets | vap11s | - | |
| vonets | var11n-300_firmware | * | |
| vonets | var11n-300 | - | |
| vonets | vap11g-300_firmware | * | |
| vonets | vap11g-300 | - | |
| vonets | vap11n-300_firmware | * | |
| vonets | vap11n-300 | - | |
| vonets | vap11g_firmware | * | |
| vonets | vap11g | - | |
| vonets | vap11g-500_firmware | * | |
| vonets | vap11g-500 | - | |
| vonets | vga-1000_firmware | * | |
| vonets | vga-1000 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:vonets:var1200-h_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "94DAF720-5399-46A2-A9AB-3831045B86D2",
"versionEndIncluding": "3.3.23.6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:vonets:var1200-h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6D2E3C6A-6CC6-4954-B06C-3F023C964426",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:vonets:var1200-l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "273874D4-43E0-44D4-AB4E-D66DE1F1B824",
"versionEndIncluding": "3.3.23.6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:vonets:var1200-l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2C4B65A1-D625-4712-8311-685CA0A6438B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:vonets:var600-h_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ADCC4730-7801-485C-994F-DB7B942AA9F4",
"versionEndIncluding": "3.3.23.6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:vonets:var600-h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB22B21B-526A-4119-9278-E84138D523E4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:vonets:vap11ac_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C007C620-CAF2-436E-AAA9-C012CEFCEA3B",
"versionEndIncluding": "3.3.23.6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:vonets:vap11ac:-:*:*:*:*:*:*:*",
"matchCriteriaId": "21B9AA55-A333-4D10-A9D8-19558465F56E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:vonets:vap11g-500s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FDC4DF91-B718-4CFE-BEE7-4E9CFF121C01",
"versionEndIncluding": "3.3.23.6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:vonets:vap11g-500s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C9EC2642-6A5B-4DA8-A675-B9F3CAD9B35E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:vonets:vbg1200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5BFA8106-50EE-428D-9297-930CE9CC99C1",
"versionEndIncluding": "3.3.23.6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:vonets:vbg1200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AE4D6B12-50A8-4314-AEDA-E3C669F772C9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:vonets:vap11s-5g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D95A2EE8-B22F-4671-8DF8-3757A335B006",
"versionEndIncluding": "3.3.23.6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:vonets:vap11s-5g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "66E94FE6-235A-46F0-81B0-DFF88C454BB1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:vonets:vap11s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "060B7C85-806D-45B3-8268-10AC5E475171",
"versionEndIncluding": "3.3.23.6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:vonets:vap11s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C434D025-8361-4C2D-AC7D-4E4A44237C27",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:vonets:var11n-300_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3DFA50C3-2B3E-4755-98FB-63CED2CA7B8F",
"versionEndIncluding": "3.3.23.6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:vonets:var11n-300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "95D5A3C0-8303-4E77-9DE1-75FD9DAED295",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:vonets:vap11g-300_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "42E71F95-814C-4EDA-8647-B03CA6AAFDEB",
"versionEndIncluding": "3.3.23.6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:vonets:vap11g-300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B23375E-0E77-4423-AEDA-9A9F26052834",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:vonets:vap11n-300_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7018E246-D211-4366-8664-90B00E68AA74",
"versionEndIncluding": "3.3.23.6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:vonets:vap11n-300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ADE0116E-37B8-4E0A-8874-A59989712743",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:vonets:vap11g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C9C1B20A-8F03-4C6E-8715-B68DBBBAFB97",
"versionEndIncluding": "3.3.23.6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:vonets:vap11g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F510F0DC-C170-45A3-989B-2FA8791B4FC1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:vonets:vap11g-500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "52909496-4BEB-43DB-80E3-F710BCA0CAA5",
"versionEndIncluding": "3.3.23.6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:vonets:vap11g-500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B61E3489-034E-4DD2-8699-477647462CF7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:vonets:vga-1000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1FAF11BE-F3F4-4D40-9156-DDB2FFBF9470",
"versionEndIncluding": "3.3.23.6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:vonets:vga-1000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DA90833B-D40E-42F0-8ECF-86C90E4511C4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple OS command injection vulnerabilities affecting Vonets \n\n industrial wifi bridge relays and wifi bridge repeaters, software \nversions 3.3.23.6.9 and prior, enable an authenticated remote attacker \nto execute arbitrary OS commands via various endpoint parameters."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n de comandos del sistema operativo que afectan a los rel\u00e9s de puente wifi industriales y a los repetidores de puente wifi de Vonets, versiones de software 3.3.23.6.9 y anteriores, permiten a un atacante remoto autenticado ejecutar comandos arbitrarios del sistema operativo a trav\u00e9s de varios par\u00e1metros de endpoint."
}
],
"id": "CVE-2024-37023",
"lastModified": "2024-08-20T17:12:03.330",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.1,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
}
]
},
"published": "2024-08-12T13:38:22.837",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-08"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-29082
Vulnerability from fkie_nvd - Published: 2024-08-12 13:38 - Updated: 2024-08-20 17:11
Severity ?
8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
Summary
Improper access control vulnerability affecting Vonets
industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9
and prior, enables an unauthenticated remote attacker to bypass
authentication and factory reset the device via unprotected goform
endpoints.
References
| URL | Tags | ||
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-08 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vonets | var1200-h_firmware | * | |
| vonets | var1200-h | - | |
| vonets | var1200-l_firmware | * | |
| vonets | var1200-l | - | |
| vonets | var600-h_firmware | * | |
| vonets | var600-h | - | |
| vonets | vap11ac_firmware | * | |
| vonets | vap11ac | - | |
| vonets | vap11g-500s_firmware | * | |
| vonets | vap11g-500s | - | |
| vonets | vbg1200_firmware | * | |
| vonets | vbg1200 | - | |
| vonets | vap11s-5g_firmware | * | |
| vonets | vap11s-5g | - | |
| vonets | vap11s_firmware | * | |
| vonets | vap11s | - | |
| vonets | var11n-300_firmware | * | |
| vonets | var11n-300 | - | |
| vonets | vap11g-300_firmware | * | |
| vonets | vap11g-300 | - | |
| vonets | vap11n-300_firmware | * | |
| vonets | vap11n-300 | - | |
| vonets | vap11g_firmware | * | |
| vonets | vap11g | - | |
| vonets | vap11g-500_firmware | * | |
| vonets | vap11g-500 | - | |
| vonets | vga-1000_firmware | * | |
| vonets | vga-1000 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:vonets:var1200-h_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "94DAF720-5399-46A2-A9AB-3831045B86D2",
"versionEndIncluding": "3.3.23.6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:vonets:var1200-h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6D2E3C6A-6CC6-4954-B06C-3F023C964426",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:vonets:var1200-l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "273874D4-43E0-44D4-AB4E-D66DE1F1B824",
"versionEndIncluding": "3.3.23.6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:vonets:var1200-l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2C4B65A1-D625-4712-8311-685CA0A6438B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:vonets:var600-h_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ADCC4730-7801-485C-994F-DB7B942AA9F4",
"versionEndIncluding": "3.3.23.6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:vonets:var600-h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB22B21B-526A-4119-9278-E84138D523E4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:vonets:vap11ac_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C007C620-CAF2-436E-AAA9-C012CEFCEA3B",
"versionEndIncluding": "3.3.23.6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:vonets:vap11ac:-:*:*:*:*:*:*:*",
"matchCriteriaId": "21B9AA55-A333-4D10-A9D8-19558465F56E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:vonets:vap11g-500s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FDC4DF91-B718-4CFE-BEE7-4E9CFF121C01",
"versionEndIncluding": "3.3.23.6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:vonets:vap11g-500s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C9EC2642-6A5B-4DA8-A675-B9F3CAD9B35E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:vonets:vbg1200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5BFA8106-50EE-428D-9297-930CE9CC99C1",
"versionEndIncluding": "3.3.23.6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:vonets:vbg1200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AE4D6B12-50A8-4314-AEDA-E3C669F772C9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:vonets:vap11s-5g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D95A2EE8-B22F-4671-8DF8-3757A335B006",
"versionEndIncluding": "3.3.23.6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:vonets:vap11s-5g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "66E94FE6-235A-46F0-81B0-DFF88C454BB1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:vonets:vap11s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "060B7C85-806D-45B3-8268-10AC5E475171",
"versionEndIncluding": "3.3.23.6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:vonets:vap11s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C434D025-8361-4C2D-AC7D-4E4A44237C27",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:vonets:var11n-300_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3DFA50C3-2B3E-4755-98FB-63CED2CA7B8F",
"versionEndIncluding": "3.3.23.6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:vonets:var11n-300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "95D5A3C0-8303-4E77-9DE1-75FD9DAED295",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:vonets:vap11g-300_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "42E71F95-814C-4EDA-8647-B03CA6AAFDEB",
"versionEndIncluding": "3.3.23.6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:vonets:vap11g-300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B23375E-0E77-4423-AEDA-9A9F26052834",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:vonets:vap11n-300_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7018E246-D211-4366-8664-90B00E68AA74",
"versionEndIncluding": "3.3.23.6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:vonets:vap11n-300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ADE0116E-37B8-4E0A-8874-A59989712743",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:vonets:vap11g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C9C1B20A-8F03-4C6E-8715-B68DBBBAFB97",
"versionEndIncluding": "3.3.23.6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:vonets:vap11g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F510F0DC-C170-45A3-989B-2FA8791B4FC1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:vonets:vap11g-500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "52909496-4BEB-43DB-80E3-F710BCA0CAA5",
"versionEndIncluding": "3.3.23.6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:vonets:vap11g-500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B61E3489-034E-4DD2-8699-477647462CF7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:vonets:vga-1000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1FAF11BE-F3F4-4D40-9156-DDB2FFBF9470",
"versionEndIncluding": "3.3.23.6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:vonets:vga-1000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DA90833B-D40E-42F0-8ECF-86C90E4511C4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper access control vulnerability affecting Vonets\n\n industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 \nand prior, enables an unauthenticated remote attacker to bypass \nauthentication and factory reset the device via unprotected goform \nendpoints."
},
{
"lang": "es",
"value": "Una vulnerabilidad de control de acceso inadecuado que afecta a los rel\u00e9s de puente wifi industriales y a los repetidores de puente wifi de Vonets, versiones de software 3.3.23.6.9 y anteriores, permite a un atacante remoto no autenticado evitar la autenticaci\u00f3n y restablecer los valores de f\u00e1brica del dispositivo a trav\u00e9s de endpoints goform desprotegidos."
}
],
"id": "CVE-2024-29082",
"lastModified": "2024-08-20T17:11:31.787",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.7,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
}
]
},
"published": "2024-08-12T13:38:18.050",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-08"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-41161
Vulnerability from fkie_nvd - Published: 2024-08-08 18:15 - Updated: 2024-08-20 17:09
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Use of hard-coded credentials vulnerability affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions
3.3.23.6.9 and prior, enables an unauthenticated remote attacker to
bypass authentication using hard-coded administrator credentials. These
accounts cannot be disabled.
References
| URL | Tags | ||
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-08 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vonets | var1200-h_firmware | * | |
| vonets | var1200-h | - | |
| vonets | var1200-l_firmware | * | |
| vonets | var1200-l | - | |
| vonets | var600-h_firmware | * | |
| vonets | var600-h | - | |
| vonets | vap11ac_firmware | * | |
| vonets | vap11ac | - | |
| vonets | vap11g-500s_firmware | * | |
| vonets | vap11g-500s | - | |
| vonets | vbg1200_firmware | * | |
| vonets | vbg1200 | - | |
| vonets | vap11s-5g_firmware | * | |
| vonets | vap11s-5g | - | |
| vonets | vap11s_firmware | * | |
| vonets | vap11s | - | |
| vonets | var11n-300_firmware | * | |
| vonets | var11n-300 | - | |
| vonets | vap11g-300_firmware | * | |
| vonets | vap11g-300 | - | |
| vonets | vap11n-300_firmware | * | |
| vonets | vap11n-300 | - | |
| vonets | vap11g_firmware | * | |
| vonets | vap11g | - | |
| vonets | vap11g-500_firmware | * | |
| vonets | vap11g-500 | - | |
| vonets | vga-1000_firmware | * | |
| vonets | vga-1000 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:vonets:var1200-h_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "94DAF720-5399-46A2-A9AB-3831045B86D2",
"versionEndIncluding": "3.3.23.6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:vonets:var1200-h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6D2E3C6A-6CC6-4954-B06C-3F023C964426",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:vonets:var1200-l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "273874D4-43E0-44D4-AB4E-D66DE1F1B824",
"versionEndIncluding": "3.3.23.6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:vonets:var1200-l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2C4B65A1-D625-4712-8311-685CA0A6438B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:vonets:var600-h_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ADCC4730-7801-485C-994F-DB7B942AA9F4",
"versionEndIncluding": "3.3.23.6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:vonets:var600-h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB22B21B-526A-4119-9278-E84138D523E4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:vonets:vap11ac_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C007C620-CAF2-436E-AAA9-C012CEFCEA3B",
"versionEndIncluding": "3.3.23.6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:vonets:vap11ac:-:*:*:*:*:*:*:*",
"matchCriteriaId": "21B9AA55-A333-4D10-A9D8-19558465F56E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:vonets:vap11g-500s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FDC4DF91-B718-4CFE-BEE7-4E9CFF121C01",
"versionEndIncluding": "3.3.23.6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:vonets:vap11g-500s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C9EC2642-6A5B-4DA8-A675-B9F3CAD9B35E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:vonets:vbg1200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5BFA8106-50EE-428D-9297-930CE9CC99C1",
"versionEndIncluding": "3.3.23.6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:vonets:vbg1200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AE4D6B12-50A8-4314-AEDA-E3C669F772C9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:vonets:vap11s-5g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D95A2EE8-B22F-4671-8DF8-3757A335B006",
"versionEndIncluding": "3.3.23.6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:vonets:vap11s-5g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "66E94FE6-235A-46F0-81B0-DFF88C454BB1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:vonets:vap11s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "060B7C85-806D-45B3-8268-10AC5E475171",
"versionEndIncluding": "3.3.23.6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:vonets:vap11s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C434D025-8361-4C2D-AC7D-4E4A44237C27",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:vonets:var11n-300_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3DFA50C3-2B3E-4755-98FB-63CED2CA7B8F",
"versionEndIncluding": "3.3.23.6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:vonets:var11n-300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "95D5A3C0-8303-4E77-9DE1-75FD9DAED295",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:vonets:vap11g-300_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "42E71F95-814C-4EDA-8647-B03CA6AAFDEB",
"versionEndIncluding": "3.3.23.6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:vonets:vap11g-300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B23375E-0E77-4423-AEDA-9A9F26052834",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:vonets:vap11n-300_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7018E246-D211-4366-8664-90B00E68AA74",
"versionEndIncluding": "3.3.23.6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:vonets:vap11n-300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ADE0116E-37B8-4E0A-8874-A59989712743",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:vonets:vap11g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C9C1B20A-8F03-4C6E-8715-B68DBBBAFB97",
"versionEndIncluding": "3.3.23.6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:vonets:vap11g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F510F0DC-C170-45A3-989B-2FA8791B4FC1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:vonets:vap11g-500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "52909496-4BEB-43DB-80E3-F710BCA0CAA5",
"versionEndIncluding": "3.3.23.6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:vonets:vap11g-500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B61E3489-034E-4DD2-8699-477647462CF7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:vonets:vga-1000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1FAF11BE-F3F4-4D40-9156-DDB2FFBF9470",
"versionEndIncluding": "3.3.23.6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:vonets:vga-1000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DA90833B-D40E-42F0-8ECF-86C90E4511C4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Use of hard-coded credentials vulnerability affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions \n3.3.23.6.9 and prior, enables an unauthenticated remote attacker to \nbypass authentication using hard-coded administrator credentials. These \naccounts cannot be disabled."
},
{
"lang": "es",
"value": "El uso de una vulnerabilidad de credenciales codificadas que afecta a los rel\u00e9s de puente wifi industriales y a los repetidores de puente WiFi de Vonets, versiones de software 3.3.23.6.9 y anteriores, permite a un atacante remoto no autenticado evitar la autenticaci\u00f3n utilizando credenciales de administrador codificadas. Estas cuentas no se pueden deshabilitar."
}
],
"id": "CVE-2024-41161",
"lastModified": "2024-08-20T17:09:50.647",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
}
]
},
"published": "2024-08-08T18:15:10.640",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-08"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-798"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
}
]
}
CVE-2024-42001 (GCVE-0-2024-42001)
Vulnerability from cvelistv5 – Published: 2024-08-08 19:39 – Updated: 2024-08-21 20:04
VLAI?
Title
Vonets WiFi Bridges Forced Browsing
Summary
An improper authentication vulnerability affecting Vonets
industrial wifi bridge relays and wifi bridge repeaters, software versions
3.3.23.6.9 and prior enables an unauthenticated remote attacker to
bypass authentication via a specially crafted direct request when
another user has an active session.
Severity ?
CWE
- CWE-425 - Forced Browsing
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Vonets | VAR1200-H |
Affected:
0 , ≤ 3.3.23.6.9
(custom)
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Credits
Wodzen reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:vonets:var1200-h_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "var1200-h_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:var1200-l_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "var1200-l_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:var600-h_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "var600-h_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vap11ac_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11ac_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vap11g-500s_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11g-500s_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vbg1200_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vbg1200_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vap11s-5g_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11s-5g_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vap11s_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11s_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:var11n-300_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "var11n-300_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vap11n-300_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11n-300_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vap11g_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11g_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vga-1000_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vga-1000_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vap11g-300_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11g-300_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vap11n-300_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11n-300_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42001",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-09T14:41:30.751151Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-21T20:04:53.127Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "VAR1200-H",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAR1200-L",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAR600-H",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11AC",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11G-500S",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VBG1200",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11S-5G",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11S",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAR11N-300",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11G-300",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11N-300",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11G",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11G-500",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VBG1200",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11AC",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VGA-1000",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Wodzen reported these vulnerabilities to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An improper authentication vulnerability affecting Vonets\n\n\n\n\n\n \n\n industrial wifi bridge relays and wifi bridge repeaters, software versions \n3.3.23.6.9 and prior enables an unauthenticated remote attacker to \nbypass authentication via a specially crafted direct request when \nanother user has an active session."
}
],
"value": "An improper authentication vulnerability affecting Vonets\n\n\n\n\n\n \n\n industrial wifi bridge relays and wifi bridge repeaters, software versions \n3.3.23.6.9 and prior enables an unauthenticated remote attacker to \nbypass authentication via a specially crafted direct request when \nanother user has an active session."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-425",
"description": "CWE-425 Forced Browsing",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-08T19:39:49.024Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-08"
}
],
"source": {
"advisory": "ICSA-24-214-08",
"discovery": "EXTERNAL"
},
"title": "Vonets WiFi Bridges Forced Browsing",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Vonets has not responded to requests to work with CISA to mitigate these\n vulnerabilities. Users of the affected products are encouraged to \ncontact \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://usdhs-my.sharepoint.com/personal/grayson_gaylor_associates_cisa_dhs_gov1/_layouts/15/support@vonets.com\"\u003eVonets support\u003c/a\u003e for additional information.\n\n\u003cbr\u003e"
}
],
"value": "Vonets has not responded to requests to work with CISA to mitigate these\n vulnerabilities. Users of the affected products are encouraged to \ncontact Vonets support https://usdhs-my.sharepoint.com/personal/grayson_gaylor_associates_cisa_dhs_gov1/_layouts/15/support@vonets.com for additional information."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2024-42001",
"datePublished": "2024-08-08T19:39:49.024Z",
"dateReserved": "2024-07-30T16:15:10.118Z",
"dateUpdated": "2024-08-21T20:04:53.127Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39791 (GCVE-0-2024-39791)
Vulnerability from cvelistv5 – Published: 2024-08-08 19:36 – Updated: 2024-08-21 20:05
VLAI?
Title
Vonets WiFi Bridges Stack-based Buffer Overflow
Summary
Stack-based buffer overflow vulnerabilities affecting Vonets
industrial wifi bridge relays and wifi bridge repeaters, software versions
3.3.23.6.9 and prior, enable an unauthenticated remote attacker to
execute arbitrary code.
Severity ?
10 (Critical)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Vonets | VAR1200-H |
Affected:
0 , ≤ 3.3.23.6.9
(custom)
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Credits
Wodzen reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:vonets:var1200-h_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "var1200-h_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:var1200-l_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "var1200-l_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:var600-h_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "var600-h_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vap11ac_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11ac_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vap11g-500s_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11g-500s_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vbg1200_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vbg1200_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vap11s-5g_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11s-5g_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vap11s_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11s_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:var11n-300_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "var11n-300_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vap11n-300_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11n-300_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vap11g_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11g_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vga-1000_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vga-1000_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vap11g-300_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11g-300_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vap11n-300_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11n-300_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39791",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-09T14:39:45.672202Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-21T20:05:07.240Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "VAR1200-H",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAR1200-L",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAR600-H",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11AC",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11G-500S",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VBG1200",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11S-5G",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11S",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAR11N-300",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11G-300",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11N-300",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11G",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11G-500",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VBG1200",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11AC",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VGA-1000",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Wodzen reported these vulnerabilities to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Stack-based buffer overflow vulnerabilities affecting Vonets\n\n\n\n \n\n industrial wifi bridge relays and wifi bridge repeaters, software versions \n3.3.23.6.9 and prior, enable an unauthenticated remote attacker to \nexecute arbitrary code."
}
],
"value": "Stack-based buffer overflow vulnerabilities affecting Vonets\n\n\n\n \n\n industrial wifi bridge relays and wifi bridge repeaters, software versions \n3.3.23.6.9 and prior, enable an unauthenticated remote attacker to \nexecute arbitrary code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-08T19:36:17.337Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-08"
}
],
"source": {
"advisory": "ICSA-24-214-08",
"discovery": "EXTERNAL"
},
"title": "Vonets WiFi Bridges Stack-based Buffer Overflow",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Vonets has not responded to requests to work with CISA to mitigate these\n vulnerabilities. Users of the affected products are encouraged to \ncontact \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://usdhs-my.sharepoint.com/personal/grayson_gaylor_associates_cisa_dhs_gov1/_layouts/15/support@vonets.com\"\u003eVonets support\u003c/a\u003e for additional information.\n\n\u003cbr\u003e"
}
],
"value": "Vonets has not responded to requests to work with CISA to mitigate these\n vulnerabilities. Users of the affected products are encouraged to \ncontact Vonets support https://usdhs-my.sharepoint.com/personal/grayson_gaylor_associates_cisa_dhs_gov1/_layouts/15/support@vonets.com for additional information."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2024-39791",
"datePublished": "2024-08-08T19:36:17.337Z",
"dateReserved": "2024-07-30T16:15:10.126Z",
"dateUpdated": "2024-08-21T20:05:07.240Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39815 (GCVE-0-2024-39815)
Vulnerability from cvelistv5 – Published: 2024-08-08 19:33 – Updated: 2024-08-21 20:04
VLAI?
Title
Vonets WiFi Bridges Improper Check or Handling of Exceptional Conditions
Summary
Improper check or handling of exceptional conditions vulnerability
affecting Vonets
industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior, enable an unauthenticated
remote attacker to cause a denial of service. A specially-crafted
HTTP request to pre-authentication resources can crash the service.
Severity ?
9.1 (Critical)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Vonets | VAR1200-H |
Affected:
0 , ≤ 3.3.23.6.9
(custom)
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Credits
Wodzen reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:vonets:var1200-h_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "var1200-h_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:var1200-l_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "var1200-l_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:var600-h_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "var600-h_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vap11ac_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11ac_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vap11g-500s_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11g-500s_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vbg1200_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vbg1200_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vap11s-5g_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11s-5g_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vap11s_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11s_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:var11n-300_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "var11n-300_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vap11n-300_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11n-300_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vap11g_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11g_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vga-1000_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vga-1000_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vap11g-300_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11g-300_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vap11n-300_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11n-300_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39815",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-09T14:41:59.876924Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-21T20:04:38.205Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "VAR1200-H",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAR1200-L",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAR600-H",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11AC",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11G-500S",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VBG1200",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11S-5G",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11S",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAR11N-300",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11G-300",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11N-300",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11G",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11G-500",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VBG1200",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11AC",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VGA-1000",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Wodzen reported these vulnerabilities to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper check or handling of exceptional conditions vulnerability \naffecting Vonets\n\n \n\n industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior, enable an unauthenticated \nremote attacker to cause a denial of service. A specially-crafted \nHTTP request to pre-authentication resources can crash the service."
}
],
"value": "Improper check or handling of exceptional conditions vulnerability \naffecting Vonets\n\n \n\n industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior, enable an unauthenticated \nremote attacker to cause a denial of service. A specially-crafted \nHTTP request to pre-authentication resources can crash the service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-703",
"description": "CWE-703",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-08T19:43:20.731Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-08"
}
],
"source": {
"advisory": "ICSA-24-214-08",
"discovery": "EXTERNAL"
},
"title": "Vonets WiFi Bridges Improper Check or Handling of Exceptional Conditions",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Vonets has not responded to requests to work with CISA to mitigate these\n vulnerabilities. Users of the affected products are encouraged to \ncontact \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://usdhs-my.sharepoint.com/personal/grayson_gaylor_associates_cisa_dhs_gov1/_layouts/15/support@vonets.com\"\u003eVonets support\u003c/a\u003e for additional information.\n\n\u003cbr\u003e"
}
],
"value": "Vonets has not responded to requests to work with CISA to mitigate these\n vulnerabilities. Users of the affected products are encouraged to \ncontact Vonets support https://usdhs-my.sharepoint.com/personal/grayson_gaylor_associates_cisa_dhs_gov1/_layouts/15/support@vonets.com for additional information."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2024-39815",
"datePublished": "2024-08-08T19:33:35.137Z",
"dateReserved": "2024-07-30T16:15:10.109Z",
"dateUpdated": "2024-08-21T20:04:38.205Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-37023 (GCVE-0-2024-37023)
Vulnerability from cvelistv5 – Published: 2024-08-08 19:30 – Updated: 2024-08-21 20:04
VLAI?
Title
Vonets WiFi Bridges Command Injection
Summary
Multiple OS command injection vulnerabilities affecting Vonets
industrial wifi bridge relays and wifi bridge repeaters, software
versions 3.3.23.6.9 and prior, enable an authenticated remote attacker
to execute arbitrary OS commands via various endpoint parameters.
Severity ?
9.1 (Critical)
CWE
- CWE-77 - Command Injection
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Vonets | VAR1200-H |
Affected:
0 , ≤ 3.3.23.6.9
(custom)
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Credits
Wodzen reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:vonets:var1200-h_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "var1200-h_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:var1200-l_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "var1200-l_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:var600-h_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "var600-h_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vap11ac_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11ac_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vap11g-500s_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11g-500s_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vbg1200_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vbg1200_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vap11s-5g_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11s-5g_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vap11s_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11s_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:var11n-300_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "var11n-300_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vap11n-300_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11n-300_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vap11g_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11g_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vga-1000_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vga-1000_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vap11g-300_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11g-300_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vap11n-300_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11n-300_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-37023",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-09T14:42:37.219187Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-21T20:04:21.492Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "VAR1200-H",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAR1200-L",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAR600-H",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11AC",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11G-500S",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VBG1200",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11S-5G",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11S",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAR11N-300",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11G-300",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11N-300",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11G",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11G-500",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VBG1200",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11AC",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VGA-1000",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Wodzen reported these vulnerabilities to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Multiple OS command injection vulnerabilities affecting Vonets \n\n industrial wifi bridge relays and wifi bridge repeaters, software \nversions 3.3.23.6.9 and prior, enable an authenticated remote attacker \nto execute arbitrary OS commands via various endpoint parameters."
}
],
"value": "Multiple OS command injection vulnerabilities affecting Vonets \n\n industrial wifi bridge relays and wifi bridge repeaters, software \nversions 3.3.23.6.9 and prior, enable an authenticated remote attacker \nto execute arbitrary OS commands via various endpoint parameters."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-08T19:42:41.939Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-08"
}
],
"source": {
"advisory": "ICSA-24-214-08",
"discovery": "EXTERNAL"
},
"title": "Vonets WiFi Bridges Command Injection",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Vonets has not responded to requests to work with CISA to mitigate these\n vulnerabilities. Users of the affected products are encouraged to \ncontact \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://usdhs-my.sharepoint.com/personal/grayson_gaylor_associates_cisa_dhs_gov1/_layouts/15/support@vonets.com\"\u003eVonets support\u003c/a\u003e for additional information.\n\n\u003cbr\u003e"
}
],
"value": "Vonets has not responded to requests to work with CISA to mitigate these\n vulnerabilities. Users of the affected products are encouraged to \ncontact Vonets support https://usdhs-my.sharepoint.com/personal/grayson_gaylor_associates_cisa_dhs_gov1/_layouts/15/support@vonets.com for additional information."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2024-37023",
"datePublished": "2024-08-08T19:30:40.496Z",
"dateReserved": "2024-07-30T16:15:10.100Z",
"dateUpdated": "2024-08-21T20:04:21.492Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-41936 (GCVE-0-2024-41936)
Vulnerability from cvelistv5 – Published: 2024-08-08 19:27 – Updated: 2024-08-21 20:05
VLAI?
Title
Vonets WiFi Bridges Path Traversal
Summary
A directory traversal vulnerability affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9
and prior, enables an unauthenticated remote attacker to read arbitrary
files and bypass authentication.
Severity ?
CWE
- CWE-22 - Path Traversal
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Vonets | VAR1200-H |
Affected:
0 , ≤ 3.3.23.6.9
(custom)
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Credits
Wodzen reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:vonets:var1200-h_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "var1200-h_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:var1200-l_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "var1200-l_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:var600-h_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "var600-h_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vap11ac_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11ac_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vap11g-500s_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11g-500s_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vbg1200_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vbg1200_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vap11s-5g_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11s-5g_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vap11s_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11s_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:var11n-300_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "var11n-300_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vap11n-300_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11n-300_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vap11g_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11g_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vga-1000_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vga-1000_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vap11g-300_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11g-300_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vap11n-300_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11n-300_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41936",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-09T13:40:12.363380Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-21T20:05:27.996Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "VAR1200-H",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAR1200-L",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAR600-H",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11AC",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11G-500S",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VBG1200",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11S-5G",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11S",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAR11N-300",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11G-300",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11N-300",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11G",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11G-500",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VBG1200",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11AC",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VGA-1000",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Wodzen reported these vulnerabilities to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A directory traversal vulnerability affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 \nand prior, enables an unauthenticated remote attacker to read arbitrary \nfiles and bypass authentication."
}
],
"value": "A directory traversal vulnerability affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 \nand prior, enables an unauthenticated remote attacker to read arbitrary \nfiles and bypass authentication."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-08T19:42:02.773Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-08"
}
],
"source": {
"advisory": "ICSA-24-214-08",
"discovery": "EXTERNAL"
},
"title": "Vonets WiFi Bridges Path Traversal",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Vonets has not responded to requests to work with CISA to mitigate these\n vulnerabilities. Users of the affected products are encouraged to \ncontact \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://usdhs-my.sharepoint.com/personal/grayson_gaylor_associates_cisa_dhs_gov1/_layouts/15/support@vonets.com\"\u003eVonets support\u003c/a\u003e for additional information.\n\n\u003cbr\u003e"
}
],
"value": "Vonets has not responded to requests to work with CISA to mitigate these\n vulnerabilities. Users of the affected products are encouraged to \ncontact Vonets support https://usdhs-my.sharepoint.com/personal/grayson_gaylor_associates_cisa_dhs_gov1/_layouts/15/support@vonets.com for additional information."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2024-41936",
"datePublished": "2024-08-08T19:27:19.585Z",
"dateReserved": "2024-07-30T16:15:10.091Z",
"dateUpdated": "2024-08-21T20:05:27.996Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-29082 (GCVE-0-2024-29082)
Vulnerability from cvelistv5 – Published: 2024-08-08 19:23 – Updated: 2024-08-21 20:03
VLAI?
Title
Vonets WiFi Bridges Improper Access Control
Summary
Improper access control vulnerability affecting Vonets
industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9
and prior, enables an unauthenticated remote attacker to bypass
authentication and factory reset the device via unprotected goform
endpoints.
Severity ?
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Vonets | VAR1200-H |
Affected:
0 , ≤ 3.3.23.6.9
(custom)
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Credits
Wodzen reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:vonets:var1200-h_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "var1200-h_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:var1200-l_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "var1200-l_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:var600-h_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "var600-h_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vap11ac_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11ac_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vap11g-500s_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11g-500s_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vbg1200_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vbg1200_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vap11s-5g_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11s-5g_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vap11s_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11s_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:var11n-300_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "var11n-300_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vap11n-300_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11n-300_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vap11g_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11g_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vga-1000_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vga-1000_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vap11g-300_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11g-300_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vap11n-300_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11n-300_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-29082",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-09T14:43:23.222319Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-21T20:03:57.401Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "VAR1200-H",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAR1200-L",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAR600-H",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11AC",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11G-500S",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VBG1200",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11S-5G",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11S",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAR11N-300",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11G-300",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11N-300",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11G",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11G-500",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VBG1200",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11AC",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VGA-1000",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Wodzen reported these vulnerabilities to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper access control vulnerability affecting Vonets\n\n industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 \nand prior, enables an unauthenticated remote attacker to bypass \nauthentication and factory reset the device via unprotected goform \nendpoints."
}
],
"value": "Improper access control vulnerability affecting Vonets\n\n industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 \nand prior, enables an unauthenticated remote attacker to bypass \nauthentication and factory reset the device via unprotected goform \nendpoints."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-08T19:41:29.764Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-08"
}
],
"source": {
"advisory": "ICSA-24-214-08",
"discovery": "EXTERNAL"
},
"title": "Vonets WiFi Bridges Improper Access Control",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Vonets has not responded to requests to work with CISA to mitigate these\n vulnerabilities. Users of the affected products are encouraged to \ncontact \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://usdhs-my.sharepoint.com/personal/grayson_gaylor_associates_cisa_dhs_gov1/_layouts/15/support@vonets.com\"\u003eVonets support\u003c/a\u003e for additional information.\n\n\u003cbr\u003e"
}
],
"value": "Vonets has not responded to requests to work with CISA to mitigate these\n vulnerabilities. Users of the affected products are encouraged to \ncontact Vonets support https://usdhs-my.sharepoint.com/personal/grayson_gaylor_associates_cisa_dhs_gov1/_layouts/15/support@vonets.com for additional information."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2024-29082",
"datePublished": "2024-08-08T19:23:23.133Z",
"dateReserved": "2024-07-30T16:15:10.076Z",
"dateUpdated": "2024-08-21T20:03:57.401Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-41161 (GCVE-0-2024-41161)
Vulnerability from cvelistv5 – Published: 2024-08-08 17:49 – Updated: 2024-08-09 14:37
VLAI?
Title
Vonets WiFi Bridges Use of Hard-coded Credentials
Summary
Use of hard-coded credentials vulnerability affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions
3.3.23.6.9 and prior, enables an unauthenticated remote attacker to
bypass authentication using hard-coded administrator credentials. These
accounts cannot be disabled.
Severity ?
CWE
- CWE-798 - Use of Hard-coded Credentials
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Vonets | VAR1200-H |
Affected:
0 , ≤ 3.3.23.6.9
(custom)
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Credits
Wodzen reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:vonets:var1200-h_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "var1200-h_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:vonets:var1200-l_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "var1200-l_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:vonets:var600-h_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "var600-h_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:vonets:vap11ac_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11ac_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:vonets:vap11g-500s_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11g-500s_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:vonets:vbg1200_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vbg1200_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:vonets:vap11s-5g_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11s-5g_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:vonets:vap11s_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11s_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:vonets:var11n-300_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "var11n-300_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:vonets:vap11n-300_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11n-300_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:vonets:vap11g_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11g_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:vonets:vga-1000_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vga-1000_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:vonets:vap11g-300_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11g-300_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:vonets:vap11n-300_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11n-300_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41161",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-09T14:37:46.342614Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-09T14:37:54.073Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "VAR1200-H",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAR1200-L",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAR600-H",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11AC",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11G-500S",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VBG1200",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11S-5G",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11S",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAR11N-300",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11G-300",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11N-300",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11G",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11G-500",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VBG1200",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11AC",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VGA-1000",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Wodzen reported these vulnerabilities to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Use of hard-coded credentials vulnerability affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions \n3.3.23.6.9 and prior, enables an unauthenticated remote attacker to \nbypass authentication using hard-coded administrator credentials. These \naccounts cannot be disabled."
}
],
"value": "Use of hard-coded credentials vulnerability affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions \n3.3.23.6.9 and prior, enables an unauthenticated remote attacker to \nbypass authentication using hard-coded administrator credentials. These \naccounts cannot be disabled."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798 Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-08T19:40:53.254Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-08"
}
],
"source": {
"advisory": "ICSA-24-214-08",
"discovery": "EXTERNAL"
},
"title": "Vonets WiFi Bridges Use of Hard-coded Credentials",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Vonets has not responded to requests to work with CISA to mitigate these\n vulnerabilities. Users of the affected products are encouraged to \ncontact \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://usdhs-my.sharepoint.com/personal/grayson_gaylor_associates_cisa_dhs_gov1/_layouts/15/support@vonets.com\"\u003eVonets support\u003c/a\u003e for additional information.\n\n\u003cbr\u003e"
}
],
"value": "Vonets has not responded to requests to work with CISA to mitigate these\n vulnerabilities. Users of the affected products are encouraged to \ncontact Vonets support https://usdhs-my.sharepoint.com/personal/grayson_gaylor_associates_cisa_dhs_gov1/_layouts/15/support@vonets.com for additional information."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2024-41161",
"datePublished": "2024-08-08T17:49:35.888Z",
"dateReserved": "2024-07-30T16:15:10.064Z",
"dateUpdated": "2024-08-09T14:37:54.073Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42001 (GCVE-0-2024-42001)
Vulnerability from nvd – Published: 2024-08-08 19:39 – Updated: 2024-08-21 20:04
VLAI?
Title
Vonets WiFi Bridges Forced Browsing
Summary
An improper authentication vulnerability affecting Vonets
industrial wifi bridge relays and wifi bridge repeaters, software versions
3.3.23.6.9 and prior enables an unauthenticated remote attacker to
bypass authentication via a specially crafted direct request when
another user has an active session.
Severity ?
CWE
- CWE-425 - Forced Browsing
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Vonets | VAR1200-H |
Affected:
0 , ≤ 3.3.23.6.9
(custom)
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Credits
Wodzen reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:vonets:var1200-h_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "var1200-h_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:var1200-l_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "var1200-l_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:var600-h_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "var600-h_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vap11ac_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11ac_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vap11g-500s_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11g-500s_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vbg1200_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vbg1200_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vap11s-5g_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11s-5g_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vap11s_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11s_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:var11n-300_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "var11n-300_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vap11n-300_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11n-300_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vap11g_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11g_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vga-1000_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vga-1000_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vap11g-300_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11g-300_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vap11n-300_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11n-300_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42001",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-09T14:41:30.751151Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-21T20:04:53.127Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "VAR1200-H",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAR1200-L",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAR600-H",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11AC",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11G-500S",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VBG1200",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11S-5G",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11S",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAR11N-300",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11G-300",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11N-300",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11G",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11G-500",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VBG1200",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11AC",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VGA-1000",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Wodzen reported these vulnerabilities to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An improper authentication vulnerability affecting Vonets\n\n\n\n\n\n \n\n industrial wifi bridge relays and wifi bridge repeaters, software versions \n3.3.23.6.9 and prior enables an unauthenticated remote attacker to \nbypass authentication via a specially crafted direct request when \nanother user has an active session."
}
],
"value": "An improper authentication vulnerability affecting Vonets\n\n\n\n\n\n \n\n industrial wifi bridge relays and wifi bridge repeaters, software versions \n3.3.23.6.9 and prior enables an unauthenticated remote attacker to \nbypass authentication via a specially crafted direct request when \nanother user has an active session."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-425",
"description": "CWE-425 Forced Browsing",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-08T19:39:49.024Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-08"
}
],
"source": {
"advisory": "ICSA-24-214-08",
"discovery": "EXTERNAL"
},
"title": "Vonets WiFi Bridges Forced Browsing",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Vonets has not responded to requests to work with CISA to mitigate these\n vulnerabilities. Users of the affected products are encouraged to \ncontact \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://usdhs-my.sharepoint.com/personal/grayson_gaylor_associates_cisa_dhs_gov1/_layouts/15/support@vonets.com\"\u003eVonets support\u003c/a\u003e for additional information.\n\n\u003cbr\u003e"
}
],
"value": "Vonets has not responded to requests to work with CISA to mitigate these\n vulnerabilities. Users of the affected products are encouraged to \ncontact Vonets support https://usdhs-my.sharepoint.com/personal/grayson_gaylor_associates_cisa_dhs_gov1/_layouts/15/support@vonets.com for additional information."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2024-42001",
"datePublished": "2024-08-08T19:39:49.024Z",
"dateReserved": "2024-07-30T16:15:10.118Z",
"dateUpdated": "2024-08-21T20:04:53.127Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39791 (GCVE-0-2024-39791)
Vulnerability from nvd – Published: 2024-08-08 19:36 – Updated: 2024-08-21 20:05
VLAI?
Title
Vonets WiFi Bridges Stack-based Buffer Overflow
Summary
Stack-based buffer overflow vulnerabilities affecting Vonets
industrial wifi bridge relays and wifi bridge repeaters, software versions
3.3.23.6.9 and prior, enable an unauthenticated remote attacker to
execute arbitrary code.
Severity ?
10 (Critical)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Vonets | VAR1200-H |
Affected:
0 , ≤ 3.3.23.6.9
(custom)
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Credits
Wodzen reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:vonets:var1200-h_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "var1200-h_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:var1200-l_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "var1200-l_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:var600-h_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "var600-h_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vap11ac_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11ac_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vap11g-500s_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11g-500s_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vbg1200_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vbg1200_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vap11s-5g_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11s-5g_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vap11s_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11s_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:var11n-300_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "var11n-300_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vap11n-300_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11n-300_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vap11g_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11g_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vga-1000_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vga-1000_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vap11g-300_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11g-300_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vap11n-300_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11n-300_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39791",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-09T14:39:45.672202Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-21T20:05:07.240Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "VAR1200-H",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAR1200-L",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAR600-H",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11AC",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11G-500S",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VBG1200",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11S-5G",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11S",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAR11N-300",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11G-300",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11N-300",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11G",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11G-500",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VBG1200",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11AC",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VGA-1000",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Wodzen reported these vulnerabilities to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Stack-based buffer overflow vulnerabilities affecting Vonets\n\n\n\n \n\n industrial wifi bridge relays and wifi bridge repeaters, software versions \n3.3.23.6.9 and prior, enable an unauthenticated remote attacker to \nexecute arbitrary code."
}
],
"value": "Stack-based buffer overflow vulnerabilities affecting Vonets\n\n\n\n \n\n industrial wifi bridge relays and wifi bridge repeaters, software versions \n3.3.23.6.9 and prior, enable an unauthenticated remote attacker to \nexecute arbitrary code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-08T19:36:17.337Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-08"
}
],
"source": {
"advisory": "ICSA-24-214-08",
"discovery": "EXTERNAL"
},
"title": "Vonets WiFi Bridges Stack-based Buffer Overflow",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Vonets has not responded to requests to work with CISA to mitigate these\n vulnerabilities. Users of the affected products are encouraged to \ncontact \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://usdhs-my.sharepoint.com/personal/grayson_gaylor_associates_cisa_dhs_gov1/_layouts/15/support@vonets.com\"\u003eVonets support\u003c/a\u003e for additional information.\n\n\u003cbr\u003e"
}
],
"value": "Vonets has not responded to requests to work with CISA to mitigate these\n vulnerabilities. Users of the affected products are encouraged to \ncontact Vonets support https://usdhs-my.sharepoint.com/personal/grayson_gaylor_associates_cisa_dhs_gov1/_layouts/15/support@vonets.com for additional information."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2024-39791",
"datePublished": "2024-08-08T19:36:17.337Z",
"dateReserved": "2024-07-30T16:15:10.126Z",
"dateUpdated": "2024-08-21T20:05:07.240Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39815 (GCVE-0-2024-39815)
Vulnerability from nvd – Published: 2024-08-08 19:33 – Updated: 2024-08-21 20:04
VLAI?
Title
Vonets WiFi Bridges Improper Check or Handling of Exceptional Conditions
Summary
Improper check or handling of exceptional conditions vulnerability
affecting Vonets
industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior, enable an unauthenticated
remote attacker to cause a denial of service. A specially-crafted
HTTP request to pre-authentication resources can crash the service.
Severity ?
9.1 (Critical)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Vonets | VAR1200-H |
Affected:
0 , ≤ 3.3.23.6.9
(custom)
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Credits
Wodzen reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:vonets:var1200-h_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "var1200-h_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:var1200-l_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "var1200-l_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:var600-h_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "var600-h_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vap11ac_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11ac_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vap11g-500s_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11g-500s_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vbg1200_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vbg1200_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vap11s-5g_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11s-5g_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vap11s_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11s_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:var11n-300_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "var11n-300_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vap11n-300_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11n-300_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vap11g_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11g_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vga-1000_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vga-1000_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vap11g-300_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11g-300_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vap11n-300_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11n-300_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39815",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-09T14:41:59.876924Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-21T20:04:38.205Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "VAR1200-H",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAR1200-L",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAR600-H",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11AC",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11G-500S",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VBG1200",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11S-5G",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11S",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAR11N-300",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11G-300",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11N-300",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11G",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11G-500",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VBG1200",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11AC",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VGA-1000",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Wodzen reported these vulnerabilities to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper check or handling of exceptional conditions vulnerability \naffecting Vonets\n\n \n\n industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior, enable an unauthenticated \nremote attacker to cause a denial of service. A specially-crafted \nHTTP request to pre-authentication resources can crash the service."
}
],
"value": "Improper check or handling of exceptional conditions vulnerability \naffecting Vonets\n\n \n\n industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior, enable an unauthenticated \nremote attacker to cause a denial of service. A specially-crafted \nHTTP request to pre-authentication resources can crash the service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-703",
"description": "CWE-703",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-08T19:43:20.731Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-08"
}
],
"source": {
"advisory": "ICSA-24-214-08",
"discovery": "EXTERNAL"
},
"title": "Vonets WiFi Bridges Improper Check or Handling of Exceptional Conditions",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Vonets has not responded to requests to work with CISA to mitigate these\n vulnerabilities. Users of the affected products are encouraged to \ncontact \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://usdhs-my.sharepoint.com/personal/grayson_gaylor_associates_cisa_dhs_gov1/_layouts/15/support@vonets.com\"\u003eVonets support\u003c/a\u003e for additional information.\n\n\u003cbr\u003e"
}
],
"value": "Vonets has not responded to requests to work with CISA to mitigate these\n vulnerabilities. Users of the affected products are encouraged to \ncontact Vonets support https://usdhs-my.sharepoint.com/personal/grayson_gaylor_associates_cisa_dhs_gov1/_layouts/15/support@vonets.com for additional information."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2024-39815",
"datePublished": "2024-08-08T19:33:35.137Z",
"dateReserved": "2024-07-30T16:15:10.109Z",
"dateUpdated": "2024-08-21T20:04:38.205Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-37023 (GCVE-0-2024-37023)
Vulnerability from nvd – Published: 2024-08-08 19:30 – Updated: 2024-08-21 20:04
VLAI?
Title
Vonets WiFi Bridges Command Injection
Summary
Multiple OS command injection vulnerabilities affecting Vonets
industrial wifi bridge relays and wifi bridge repeaters, software
versions 3.3.23.6.9 and prior, enable an authenticated remote attacker
to execute arbitrary OS commands via various endpoint parameters.
Severity ?
9.1 (Critical)
CWE
- CWE-77 - Command Injection
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Vonets | VAR1200-H |
Affected:
0 , ≤ 3.3.23.6.9
(custom)
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Credits
Wodzen reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:vonets:var1200-h_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "var1200-h_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:var1200-l_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "var1200-l_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:var600-h_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "var600-h_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vap11ac_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11ac_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vap11g-500s_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11g-500s_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vbg1200_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vbg1200_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vap11s-5g_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11s-5g_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vap11s_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11s_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:var11n-300_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "var11n-300_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vap11n-300_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11n-300_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vap11g_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11g_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vga-1000_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vga-1000_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vap11g-300_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11g-300_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vap11n-300_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11n-300_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-37023",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-09T14:42:37.219187Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-21T20:04:21.492Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "VAR1200-H",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAR1200-L",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAR600-H",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11AC",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11G-500S",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VBG1200",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11S-5G",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11S",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAR11N-300",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11G-300",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11N-300",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11G",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11G-500",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VBG1200",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11AC",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VGA-1000",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Wodzen reported these vulnerabilities to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Multiple OS command injection vulnerabilities affecting Vonets \n\n industrial wifi bridge relays and wifi bridge repeaters, software \nversions 3.3.23.6.9 and prior, enable an authenticated remote attacker \nto execute arbitrary OS commands via various endpoint parameters."
}
],
"value": "Multiple OS command injection vulnerabilities affecting Vonets \n\n industrial wifi bridge relays and wifi bridge repeaters, software \nversions 3.3.23.6.9 and prior, enable an authenticated remote attacker \nto execute arbitrary OS commands via various endpoint parameters."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-08T19:42:41.939Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-08"
}
],
"source": {
"advisory": "ICSA-24-214-08",
"discovery": "EXTERNAL"
},
"title": "Vonets WiFi Bridges Command Injection",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Vonets has not responded to requests to work with CISA to mitigate these\n vulnerabilities. Users of the affected products are encouraged to \ncontact \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://usdhs-my.sharepoint.com/personal/grayson_gaylor_associates_cisa_dhs_gov1/_layouts/15/support@vonets.com\"\u003eVonets support\u003c/a\u003e for additional information.\n\n\u003cbr\u003e"
}
],
"value": "Vonets has not responded to requests to work with CISA to mitigate these\n vulnerabilities. Users of the affected products are encouraged to \ncontact Vonets support https://usdhs-my.sharepoint.com/personal/grayson_gaylor_associates_cisa_dhs_gov1/_layouts/15/support@vonets.com for additional information."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2024-37023",
"datePublished": "2024-08-08T19:30:40.496Z",
"dateReserved": "2024-07-30T16:15:10.100Z",
"dateUpdated": "2024-08-21T20:04:21.492Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-41936 (GCVE-0-2024-41936)
Vulnerability from nvd – Published: 2024-08-08 19:27 – Updated: 2024-08-21 20:05
VLAI?
Title
Vonets WiFi Bridges Path Traversal
Summary
A directory traversal vulnerability affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9
and prior, enables an unauthenticated remote attacker to read arbitrary
files and bypass authentication.
Severity ?
CWE
- CWE-22 - Path Traversal
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Vonets | VAR1200-H |
Affected:
0 , ≤ 3.3.23.6.9
(custom)
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Credits
Wodzen reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:vonets:var1200-h_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "var1200-h_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:var1200-l_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "var1200-l_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:var600-h_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "var600-h_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vap11ac_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11ac_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vap11g-500s_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11g-500s_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vbg1200_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vbg1200_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vap11s-5g_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11s-5g_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vap11s_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11s_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:var11n-300_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "var11n-300_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vap11n-300_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11n-300_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vap11g_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11g_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vga-1000_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vga-1000_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vap11g-300_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11g-300_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vap11n-300_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11n-300_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41936",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-09T13:40:12.363380Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-21T20:05:27.996Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "VAR1200-H",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAR1200-L",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAR600-H",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11AC",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11G-500S",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VBG1200",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11S-5G",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11S",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAR11N-300",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11G-300",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11N-300",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11G",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11G-500",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VBG1200",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11AC",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VGA-1000",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Wodzen reported these vulnerabilities to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A directory traversal vulnerability affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 \nand prior, enables an unauthenticated remote attacker to read arbitrary \nfiles and bypass authentication."
}
],
"value": "A directory traversal vulnerability affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 \nand prior, enables an unauthenticated remote attacker to read arbitrary \nfiles and bypass authentication."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-08T19:42:02.773Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-08"
}
],
"source": {
"advisory": "ICSA-24-214-08",
"discovery": "EXTERNAL"
},
"title": "Vonets WiFi Bridges Path Traversal",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Vonets has not responded to requests to work with CISA to mitigate these\n vulnerabilities. Users of the affected products are encouraged to \ncontact \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://usdhs-my.sharepoint.com/personal/grayson_gaylor_associates_cisa_dhs_gov1/_layouts/15/support@vonets.com\"\u003eVonets support\u003c/a\u003e for additional information.\n\n\u003cbr\u003e"
}
],
"value": "Vonets has not responded to requests to work with CISA to mitigate these\n vulnerabilities. Users of the affected products are encouraged to \ncontact Vonets support https://usdhs-my.sharepoint.com/personal/grayson_gaylor_associates_cisa_dhs_gov1/_layouts/15/support@vonets.com for additional information."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2024-41936",
"datePublished": "2024-08-08T19:27:19.585Z",
"dateReserved": "2024-07-30T16:15:10.091Z",
"dateUpdated": "2024-08-21T20:05:27.996Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-29082 (GCVE-0-2024-29082)
Vulnerability from nvd – Published: 2024-08-08 19:23 – Updated: 2024-08-21 20:03
VLAI?
Title
Vonets WiFi Bridges Improper Access Control
Summary
Improper access control vulnerability affecting Vonets
industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9
and prior, enables an unauthenticated remote attacker to bypass
authentication and factory reset the device via unprotected goform
endpoints.
Severity ?
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Vonets | VAR1200-H |
Affected:
0 , ≤ 3.3.23.6.9
(custom)
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Credits
Wodzen reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:vonets:var1200-h_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "var1200-h_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:var1200-l_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "var1200-l_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:var600-h_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "var600-h_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vap11ac_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11ac_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vap11g-500s_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11g-500s_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vbg1200_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vbg1200_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vap11s-5g_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11s-5g_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vap11s_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11s_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:var11n-300_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "var11n-300_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vap11n-300_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11n-300_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vap11g_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11g_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vga-1000_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vga-1000_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vap11g-300_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11g-300_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vap11n-300_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11n-300_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-29082",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-09T14:43:23.222319Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-21T20:03:57.401Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "VAR1200-H",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAR1200-L",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAR600-H",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11AC",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11G-500S",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VBG1200",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11S-5G",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11S",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAR11N-300",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11G-300",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11N-300",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11G",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11G-500",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VBG1200",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11AC",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VGA-1000",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Wodzen reported these vulnerabilities to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper access control vulnerability affecting Vonets\n\n industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 \nand prior, enables an unauthenticated remote attacker to bypass \nauthentication and factory reset the device via unprotected goform \nendpoints."
}
],
"value": "Improper access control vulnerability affecting Vonets\n\n industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 \nand prior, enables an unauthenticated remote attacker to bypass \nauthentication and factory reset the device via unprotected goform \nendpoints."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-08T19:41:29.764Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-08"
}
],
"source": {
"advisory": "ICSA-24-214-08",
"discovery": "EXTERNAL"
},
"title": "Vonets WiFi Bridges Improper Access Control",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Vonets has not responded to requests to work with CISA to mitigate these\n vulnerabilities. Users of the affected products are encouraged to \ncontact \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://usdhs-my.sharepoint.com/personal/grayson_gaylor_associates_cisa_dhs_gov1/_layouts/15/support@vonets.com\"\u003eVonets support\u003c/a\u003e for additional information.\n\n\u003cbr\u003e"
}
],
"value": "Vonets has not responded to requests to work with CISA to mitigate these\n vulnerabilities. Users of the affected products are encouraged to \ncontact Vonets support https://usdhs-my.sharepoint.com/personal/grayson_gaylor_associates_cisa_dhs_gov1/_layouts/15/support@vonets.com for additional information."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2024-29082",
"datePublished": "2024-08-08T19:23:23.133Z",
"dateReserved": "2024-07-30T16:15:10.076Z",
"dateUpdated": "2024-08-21T20:03:57.401Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-41161 (GCVE-0-2024-41161)
Vulnerability from nvd – Published: 2024-08-08 17:49 – Updated: 2024-08-09 14:37
VLAI?
Title
Vonets WiFi Bridges Use of Hard-coded Credentials
Summary
Use of hard-coded credentials vulnerability affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions
3.3.23.6.9 and prior, enables an unauthenticated remote attacker to
bypass authentication using hard-coded administrator credentials. These
accounts cannot be disabled.
Severity ?
CWE
- CWE-798 - Use of Hard-coded Credentials
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Vonets | VAR1200-H |
Affected:
0 , ≤ 3.3.23.6.9
(custom)
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Credits
Wodzen reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:vonets:var1200-h_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "var1200-h_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:vonets:var1200-l_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "var1200-l_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:vonets:var600-h_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "var600-h_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:vonets:vap11ac_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11ac_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:vonets:vap11g-500s_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11g-500s_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:vonets:vbg1200_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vbg1200_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:vonets:vap11s-5g_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11s-5g_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:vonets:vap11s_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11s_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:vonets:var11n-300_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "var11n-300_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:vonets:vap11n-300_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11n-300_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:vonets:vap11g_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11g_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:vonets:vga-1000_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vga-1000_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:vonets:vap11g-300_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11g-300_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:vonets:vap11n-300_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11n-300_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41161",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-09T14:37:46.342614Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-09T14:37:54.073Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "VAR1200-H",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAR1200-L",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAR600-H",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11AC",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11G-500S",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VBG1200",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11S-5G",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11S",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAR11N-300",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11G-300",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11N-300",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11G",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11G-500",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VBG1200",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11AC",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VGA-1000",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Wodzen reported these vulnerabilities to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Use of hard-coded credentials vulnerability affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions \n3.3.23.6.9 and prior, enables an unauthenticated remote attacker to \nbypass authentication using hard-coded administrator credentials. These \naccounts cannot be disabled."
}
],
"value": "Use of hard-coded credentials vulnerability affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions \n3.3.23.6.9 and prior, enables an unauthenticated remote attacker to \nbypass authentication using hard-coded administrator credentials. These \naccounts cannot be disabled."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798 Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-08T19:40:53.254Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-08"
}
],
"source": {
"advisory": "ICSA-24-214-08",
"discovery": "EXTERNAL"
},
"title": "Vonets WiFi Bridges Use of Hard-coded Credentials",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Vonets has not responded to requests to work with CISA to mitigate these\n vulnerabilities. Users of the affected products are encouraged to \ncontact \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://usdhs-my.sharepoint.com/personal/grayson_gaylor_associates_cisa_dhs_gov1/_layouts/15/support@vonets.com\"\u003eVonets support\u003c/a\u003e for additional information.\n\n\u003cbr\u003e"
}
],
"value": "Vonets has not responded to requests to work with CISA to mitigate these\n vulnerabilities. Users of the affected products are encouraged to \ncontact Vonets support https://usdhs-my.sharepoint.com/personal/grayson_gaylor_associates_cisa_dhs_gov1/_layouts/15/support@vonets.com for additional information."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2024-41161",
"datePublished": "2024-08-08T17:49:35.888Z",
"dateReserved": "2024-07-30T16:15:10.064Z",
"dateUpdated": "2024-08-09T14:37:54.073Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}