Lucene search

IcscertCVELIST:CVE-2024-42001

HistoryAug 08, 2024 - 7:39 p.m.

CVE-2024-42001 Vonets WiFi Bridges Forced Browsing

2024-08-0819:39:49

CWE-425

icscert

www.cve.org

vonets

wifi bridges

authentication

vulnerability

remote attack

CVSS3

8.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

CVSS4

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

PASSIVE

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/SC:N/VI:L/SI:N/VA:L/SA:N

EPSS

0.001

Percentile

39.6%

JSON

An improper authentication vulnerability affecting Vonets

industrial wifi bridge relays and wifi bridge repeaters, software versions
3.3.23.6.9 and prior enables an unauthenticated remote attacker to
bypass authentication via a specially crafted direct request when
another user has an active session.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "VAR1200-H",
    "vendor": "Vonets",
    "versions": [
      {
        "lessThanOrEqual": "3.3.23.6.9",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "VAR1200-L",
    "vendor": "Vonets",
    "versions": [
      {
        "lessThanOrEqual": "3.3.23.6.9",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "VAR600-H",
    "vendor": "Vonets",
    "versions": [
      {
        "lessThanOrEqual": "3.3.23.6.9",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "VAP11AC",
    "vendor": "Vonets",
    "versions": [
      {
        "lessThanOrEqual": "3.3.23.6.9",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "VAP11G-500S",
    "vendor": "Vonets",
    "versions": [
      {
        "lessThanOrEqual": "3.3.23.6.9",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "VBG1200",
    "vendor": "Vonets",
    "versions": [
      {
        "lessThanOrEqual": "3.3.23.6.9",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "VAP11S-5G",
    "vendor": "Vonets",
    "versions": [
      {
        "lessThanOrEqual": "3.3.23.6.9",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "VAP11S",
    "vendor": "Vonets",
    "versions": [
      {
        "lessThanOrEqual": "3.3.23.6.9",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "VAR11N-300",
    "vendor": "Vonets",
    "versions": [
      {
        "lessThanOrEqual": "3.3.23.6.9",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "VAP11G-300",
    "vendor": "Vonets",
    "versions": [
      {
        "lessThanOrEqual": "3.3.23.6.9",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "VAP11N-300",
    "vendor": "Vonets",
    "versions": [
      {
        "lessThanOrEqual": "3.3.23.6.9",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "VAP11G",
    "vendor": "Vonets",
    "versions": [
      {
        "lessThanOrEqual": "3.3.23.6.9",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "VAP11G-500",
    "vendor": "Vonets",
    "versions": [
      {
        "lessThanOrEqual": "3.3.23.6.9",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "VBG1200",
    "vendor": "Vonets",
    "versions": [
      {
        "lessThanOrEqual": "3.3.23.6.9",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "VAP11AC",
    "vendor": "Vonets",
    "versions": [
      {
        "lessThanOrEqual": "3.3.23.6.9",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "VGA-1000",
    "vendor": "Vonets",
    "versions": [
      {
        "lessThanOrEqual": "3.3.23.6.9",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

www.cisa.gov/news-events/ics-advisories/icsa-24-214-08

CVSS3

8.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

CVSS4

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

PASSIVE

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/SC:N/VI:L/SI:N/VA:L/SA:N

EPSS

0.001

Percentile

39.6%

JSON

Related for CVELIST:CVE-2024-42001