Lucene search

IcscertCVE-2024-29082

HistoryAug 12, 2024 - 1:38 p.m.

CVE-2024-29082

2024-08-1213:38:18

CWE-284

icscert

web.nvd.nist.gov

vonets

wifi bridges

access control

vulnerability

industrial

factory reset

unauthenticated

remote attacker

authentication bypass

cve-2024-29082

CVSS3

8.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

CVSS4

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/SC:N/VI:L/SI:N/VA:H/SA:N

AI Score

8.7

Confidence

High

EPSS

0.001

Percentile

17.7%

JSON

Improper access control vulnerability affecting Vonets

industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9
and prior, enables an unauthenticated remote attacker to bypass
authentication and factory reset the device via unprotected goform
endpoints.

Affected configurations

Nvd

Node

vonetsvar1200-h_firmwareRange≤3.3.23.6.9

AND

vonetsvar1200-hMatch-

Node

vonetsvar1200-l_firmwareRange≤3.3.23.6.9

AND

vonetsvar1200-lMatch-

Node

vonetsvar600-h_firmwareRange≤3.3.23.6.9

AND

vonetsvar600-hMatch-

Node

vonetsvap11ac_firmwareRange≤3.3.23.6.9

AND

vonetsvap11acMatch-

Node

vonetsvap11g-500s_firmwareRange≤3.3.23.6.9

AND

vonetsvap11g-500sMatch-

Node

vonetsvbg1200_firmwareRange≤3.3.23.6.9

AND

vonetsvbg1200Match-

Node

vonetsvap11s-5g_firmwareRange≤3.3.23.6.9

AND

vonetsvap11s-5gMatch-

Node

vonetsvap11s_firmwareRange≤3.3.23.6.9

AND

vonetsvap11sMatch-

Node

vonetsvar11n-300_firmwareRange≤3.3.23.6.9

AND

vonetsvar11n-300Match-

Node

vonetsvap11g-300_firmwareRange≤3.3.23.6.9

AND

vonetsvap11g-300Match-

Node

vonetsvap11n-300_firmwareRange≤3.3.23.6.9

AND

vonetsvap11n-300Match-

Node

vonetsvap11g_firmwareRange≤3.3.23.6.9

AND

vonetsvap11gMatch-

Node

vonetsvap11g-500_firmwareRange≤3.3.23.6.9

AND

vonetsvap11g-500Match-

Node

vonetsvga-1000_firmwareRange≤3.3.23.6.9

AND

vonetsvga-1000Match-

VendorProductVersionCPE
vonetsvar1200-h_firmware*cpe:2.3:o:vonets:var1200-h_firmware:*:*:*:*:*:*:*:*
vonetsvar1200-h-cpe:2.3:h:vonets:var1200-h:-:*:*:*:*:*:*:*
vonetsvar1200-l_firmware*cpe:2.3:o:vonets:var1200-l_firmware:*:*:*:*:*:*:*:*
vonetsvar1200-l-cpe:2.3:h:vonets:var1200-l:-:*:*:*:*:*:*:*
vonetsvar600-h_firmware*cpe:2.3:o:vonets:var600-h_firmware:*:*:*:*:*:*:*:*
vonetsvar600-h-cpe:2.3:h:vonets:var600-h:-:*:*:*:*:*:*:*
vonetsvap11ac_firmware*cpe:2.3:o:vonets:vap11ac_firmware:*:*:*:*:*:*:*:*
vonetsvap11ac-cpe:2.3:h:vonets:vap11ac:-:*:*:*:*:*:*:*
vonetsvap11g-500s_firmware*cpe:2.3:o:vonets:vap11g-500s_firmware:*:*:*:*:*:*:*:*
vonetsvap11g-500s-cpe:2.3:h:vonets:vap11g-500s:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
vonets	var1200-h_firmware	*	cpe:2.3:o:vonets:var1200-h_firmware::::::::
vonets	var1200-h	-	cpe:2.3:h:vonets:var1200-h:-:::::::*
vonets	var1200-l_firmware	*	cpe:2.3:o:vonets:var1200-l_firmware::::::::
vonets	var1200-l	-	cpe:2.3:h:vonets:var1200-l:-:::::::*
vonets	var600-h_firmware	*	cpe:2.3:o:vonets:var600-h_firmware::::::::
vonets	var600-h	-	cpe:2.3:h:vonets:var600-h:-:::::::*
vonets	vap11ac_firmware	*	cpe:2.3:o:vonets:vap11ac_firmware::::::::
vonets	vap11ac	-	cpe:2.3:h:vonets:vap11ac:-:::::::*
vonets	vap11g-500s_firmware	*	cpe:2.3:o:vonets:vap11g-500s_firmware::::::::
vonets	vap11g-500s	-	cpe:2.3:h:vonets:vap11g-500s:-:::::::*

Rows per page:

1-10 of 281

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "VAR1200-H",
    "vendor": "Vonets",
    "versions": [
      {
        "lessThanOrEqual": "3.3.23.6.9",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "VAR1200-L",
    "vendor": "Vonets",
    "versions": [
      {
        "lessThanOrEqual": "3.3.23.6.9",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "VAR600-H",
    "vendor": "Vonets",
    "versions": [
      {
        "lessThanOrEqual": "3.3.23.6.9",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "VAP11AC",
    "vendor": "Vonets",
    "versions": [
      {
        "lessThanOrEqual": "3.3.23.6.9",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "VAP11G-500S",
    "vendor": "Vonets",
    "versions": [
      {
        "lessThanOrEqual": "3.3.23.6.9",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "VBG1200",
    "vendor": "Vonets",
    "versions": [
      {
        "lessThanOrEqual": "3.3.23.6.9",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "VAP11S-5G",
    "vendor": "Vonets",
    "versions": [
      {
        "lessThanOrEqual": "3.3.23.6.9",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "VAP11S",
    "vendor": "Vonets",
    "versions": [
      {
        "lessThanOrEqual": "3.3.23.6.9",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "VAR11N-300",
    "vendor": "Vonets",
    "versions": [
      {
        "lessThanOrEqual": "3.3.23.6.9",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "VAP11G-300",
    "vendor": "Vonets",
    "versions": [
      {
        "lessThanOrEqual": "3.3.23.6.9",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "VAP11N-300",
    "vendor": "Vonets",
    "versions": [
      {
        "lessThanOrEqual": "3.3.23.6.9",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "VAP11G",
    "vendor": "Vonets",
    "versions": [
      {
        "lessThanOrEqual": "3.3.23.6.9",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "VAP11G-500",
    "vendor": "Vonets",
    "versions": [
      {
        "lessThanOrEqual": "3.3.23.6.9",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "VBG1200",
    "vendor": "Vonets",
    "versions": [
      {
        "lessThanOrEqual": "3.3.23.6.9",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "VAP11AC",
    "vendor": "Vonets",
    "versions": [
      {
        "lessThanOrEqual": "3.3.23.6.9",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "VGA-1000",
    "vendor": "Vonets",
    "versions": [
      {
        "lessThanOrEqual": "3.3.23.6.9",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

www.cisa.gov/news-events/ics-advisories/icsa-24-214-08

CVSS3

8.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

CVSS4

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/SC:N/VI:L/SI:N/VA:H/SA:N

AI Score

8.7

Confidence

High

EPSS

0.001

Percentile

17.7%

JSON

Related for CVE-2024-29082