Lucene search

IcscertCVE-2024-42001

HistoryAug 12, 2024 - 1:38 p.m.

CVE-2024-42001

2024-08-1213:38:32

CWE-425

icscert

web.nvd.nist.gov

vonets

wifi bridges

improper authentication

cve-2024-42001

remote attacker

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS4

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

PASSIVE

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/SC:N/VI:L/SI:N/VA:L/SA:N

AI Score

8.7

Confidence

High

EPSS

0.001

Percentile

39.6%

JSON

An improper authentication vulnerability affecting Vonets

industrial wifi bridge relays and wifi bridge repeaters, software versions
3.3.23.6.9 and prior enables an unauthenticated remote attacker to
bypass authentication via a specially crafted direct request when
another user has an active session.

Affected configurations

Nvd

Node

vonetsvar1200-h_firmwareRange≤3.3.23.6.9

AND

vonetsvar1200-hMatch-

Node

vonetsvar1200-l_firmwareRange≤3.3.23.6.9

AND

vonetsvar1200-lMatch-

Node

vonetsvar600-h_firmwareRange≤3.3.23.6.9

AND

vonetsvar600-hMatch-

Node

vonetsvap11ac_firmwareRange≤3.3.23.6.9

AND

vonetsvap11acMatch-

Node

vonetsvap11g-500s_firmwareRange≤3.3.23.6.9

AND

vonetsvap11g-500sMatch-

Node

vonetsvbg1200_firmwareRange≤3.3.23.6.9

AND

vonetsvbg1200Match-

Node

vonetsvap11s-5g_firmwareRange≤3.3.23.6.9

AND

vonetsvap11s-5gMatch-

Node

vonetsvap11s_firmwareRange≤3.3.23.6.9

AND

vonetsvap11sMatch-

Node

vonetsvar11n-300_firmwareRange≤3.3.23.6.9

AND

vonetsvar11n-300Match-

Node

vonetsvap11g-300_firmwareRange≤3.3.23.6.9

AND

vonetsvap11g-300Match-

Node

vonetsvap11n-300_firmwareRange≤3.3.23.6.9

AND

vonetsvap11n-300Match-

Node

vonetsvap11g_firmwareRange≤3.3.23.6.9

AND

vonetsvap11gMatch-

Node

vonetsvap11g-500_firmwareRange≤3.3.23.6.9

AND

vonetsvap11g-500Match-

Node

vonetsvga-1000_firmwareRange≤3.3.23.6.9

AND

vonetsvga-1000Match-

VendorProductVersionCPE
vonetsvar1200-h_firmware*cpe:2.3:o:vonets:var1200-h_firmware:*:*:*:*:*:*:*:*
vonetsvar1200-h-cpe:2.3:h:vonets:var1200-h:-:*:*:*:*:*:*:*
vonetsvar1200-l_firmware*cpe:2.3:o:vonets:var1200-l_firmware:*:*:*:*:*:*:*:*
vonetsvar1200-l-cpe:2.3:h:vonets:var1200-l:-:*:*:*:*:*:*:*
vonetsvar600-h_firmware*cpe:2.3:o:vonets:var600-h_firmware:*:*:*:*:*:*:*:*
vonetsvar600-h-cpe:2.3:h:vonets:var600-h:-:*:*:*:*:*:*:*
vonetsvap11ac_firmware*cpe:2.3:o:vonets:vap11ac_firmware:*:*:*:*:*:*:*:*
vonetsvap11ac-cpe:2.3:h:vonets:vap11ac:-:*:*:*:*:*:*:*
vonetsvap11g-500s_firmware*cpe:2.3:o:vonets:vap11g-500s_firmware:*:*:*:*:*:*:*:*
vonetsvap11g-500s-cpe:2.3:h:vonets:vap11g-500s:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
vonets	var1200-h_firmware	*	cpe:2.3:o:vonets:var1200-h_firmware::::::::
vonets	var1200-h	-	cpe:2.3:h:vonets:var1200-h:-:::::::*
vonets	var1200-l_firmware	*	cpe:2.3:o:vonets:var1200-l_firmware::::::::
vonets	var1200-l	-	cpe:2.3:h:vonets:var1200-l:-:::::::*
vonets	var600-h_firmware	*	cpe:2.3:o:vonets:var600-h_firmware::::::::
vonets	var600-h	-	cpe:2.3:h:vonets:var600-h:-:::::::*
vonets	vap11ac_firmware	*	cpe:2.3:o:vonets:vap11ac_firmware::::::::
vonets	vap11ac	-	cpe:2.3:h:vonets:vap11ac:-:::::::*
vonets	vap11g-500s_firmware	*	cpe:2.3:o:vonets:vap11g-500s_firmware::::::::
vonets	vap11g-500s	-	cpe:2.3:h:vonets:vap11g-500s:-:::::::*

Rows per page:

1-10 of 281

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "VAR1200-H",
    "vendor": "Vonets",
    "versions": [
      {
        "lessThanOrEqual": "3.3.23.6.9",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "VAR1200-L",
    "vendor": "Vonets",
    "versions": [
      {
        "lessThanOrEqual": "3.3.23.6.9",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "VAR600-H",
    "vendor": "Vonets",
    "versions": [
      {
        "lessThanOrEqual": "3.3.23.6.9",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "VAP11AC",
    "vendor": "Vonets",
    "versions": [
      {
        "lessThanOrEqual": "3.3.23.6.9",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "VAP11G-500S",
    "vendor": "Vonets",
    "versions": [
      {
        "lessThanOrEqual": "3.3.23.6.9",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "VBG1200",
    "vendor": "Vonets",
    "versions": [
      {
        "lessThanOrEqual": "3.3.23.6.9",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "VAP11S-5G",
    "vendor": "Vonets",
    "versions": [
      {
        "lessThanOrEqual": "3.3.23.6.9",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "VAP11S",
    "vendor": "Vonets",
    "versions": [
      {
        "lessThanOrEqual": "3.3.23.6.9",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "VAR11N-300",
    "vendor": "Vonets",
    "versions": [
      {
        "lessThanOrEqual": "3.3.23.6.9",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "VAP11G-300",
    "vendor": "Vonets",
    "versions": [
      {
        "lessThanOrEqual": "3.3.23.6.9",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "VAP11N-300",
    "vendor": "Vonets",
    "versions": [
      {
        "lessThanOrEqual": "3.3.23.6.9",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "VAP11G",
    "vendor": "Vonets",
    "versions": [
      {
        "lessThanOrEqual": "3.3.23.6.9",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "VAP11G-500",
    "vendor": "Vonets",
    "versions": [
      {
        "lessThanOrEqual": "3.3.23.6.9",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "VBG1200",
    "vendor": "Vonets",
    "versions": [
      {
        "lessThanOrEqual": "3.3.23.6.9",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "VAP11AC",
    "vendor": "Vonets",
    "versions": [
      {
        "lessThanOrEqual": "3.3.23.6.9",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "VGA-1000",
    "vendor": "Vonets",
    "versions": [
      {
        "lessThanOrEqual": "3.3.23.6.9",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

www.cisa.gov/news-events/ics-advisories/icsa-24-214-08

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS4

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

PASSIVE

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/SC:N/VI:L/SI:N/VA:L/SA:N

AI Score

8.7

Confidence

High

EPSS

0.001

Percentile

39.6%

JSON

Related for CVE-2024-42001