Lucene search

[email protected]NVD:CVE-2024-29082

HistoryAug 12, 2024 - 1:38 p.m.

CVE-2024-29082

2024-08-1213:38:18

CWE-284

[email protected]

web.nvd.nist.gov

vonets industrial wifi bridge relays

access control vulnerability

remote attacker

authentication bypass

factory reset

unprotected goform endpoints

CVSS3

8.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

EPSS

0.001

Percentile

17.7%

JSON

Improper access control vulnerability affecting Vonets

industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9
and prior, enables an unauthenticated remote attacker to bypass
authentication and factory reset the device via unprotected goform
endpoints.

Affected configurations

Nvd

Node

vonetsvar1200-h_firmwareRange≤3.3.23.6.9

AND

vonetsvar1200-hMatch-

Node

vonetsvar1200-l_firmwareRange≤3.3.23.6.9

AND

vonetsvar1200-lMatch-

Node

vonetsvar600-h_firmwareRange≤3.3.23.6.9

AND

vonetsvar600-hMatch-

Node

vonetsvap11ac_firmwareRange≤3.3.23.6.9

AND

vonetsvap11acMatch-

Node

vonetsvap11g-500s_firmwareRange≤3.3.23.6.9

AND

vonetsvap11g-500sMatch-

Node

vonetsvbg1200_firmwareRange≤3.3.23.6.9

AND

vonetsvbg1200Match-

Node

vonetsvap11s-5g_firmwareRange≤3.3.23.6.9

AND

vonetsvap11s-5gMatch-

Node

vonetsvap11s_firmwareRange≤3.3.23.6.9

AND

vonetsvap11sMatch-

Node

vonetsvar11n-300_firmwareRange≤3.3.23.6.9

AND

vonetsvar11n-300Match-

Node

vonetsvap11g-300_firmwareRange≤3.3.23.6.9

AND

vonetsvap11g-300Match-

Node

vonetsvap11n-300_firmwareRange≤3.3.23.6.9

AND

vonetsvap11n-300Match-

Node

vonetsvap11g_firmwareRange≤3.3.23.6.9

AND

vonetsvap11gMatch-

Node

vonetsvap11g-500_firmwareRange≤3.3.23.6.9

AND

vonetsvap11g-500Match-

Node

vonetsvga-1000_firmwareRange≤3.3.23.6.9

AND

vonetsvga-1000Match-

VendorProductVersionCPE
vonetsvar1200-h_firmware*cpe:2.3:o:vonets:var1200-h_firmware:*:*:*:*:*:*:*:*
vonetsvar1200-h-cpe:2.3:h:vonets:var1200-h:-:*:*:*:*:*:*:*
vonetsvar1200-l_firmware*cpe:2.3:o:vonets:var1200-l_firmware:*:*:*:*:*:*:*:*
vonetsvar1200-l-cpe:2.3:h:vonets:var1200-l:-:*:*:*:*:*:*:*
vonetsvar600-h_firmware*cpe:2.3:o:vonets:var600-h_firmware:*:*:*:*:*:*:*:*
vonetsvar600-h-cpe:2.3:h:vonets:var600-h:-:*:*:*:*:*:*:*
vonetsvap11ac_firmware*cpe:2.3:o:vonets:vap11ac_firmware:*:*:*:*:*:*:*:*
vonetsvap11ac-cpe:2.3:h:vonets:vap11ac:-:*:*:*:*:*:*:*
vonetsvap11g-500s_firmware*cpe:2.3:o:vonets:vap11g-500s_firmware:*:*:*:*:*:*:*:*
vonetsvap11g-500s-cpe:2.3:h:vonets:vap11g-500s:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
vonets	var1200-h_firmware	*	cpe:2.3:o:vonets:var1200-h_firmware::::::::
vonets	var1200-h	-	cpe:2.3:h:vonets:var1200-h:-:::::::*
vonets	var1200-l_firmware	*	cpe:2.3:o:vonets:var1200-l_firmware::::::::
vonets	var1200-l	-	cpe:2.3:h:vonets:var1200-l:-:::::::*
vonets	var600-h_firmware	*	cpe:2.3:o:vonets:var600-h_firmware::::::::
vonets	var600-h	-	cpe:2.3:h:vonets:var600-h:-:::::::*
vonets	vap11ac_firmware	*	cpe:2.3:o:vonets:vap11ac_firmware::::::::
vonets	vap11ac	-	cpe:2.3:h:vonets:vap11ac:-:::::::*
vonets	vap11g-500s_firmware	*	cpe:2.3:o:vonets:vap11g-500s_firmware::::::::
vonets	vap11g-500s	-	cpe:2.3:h:vonets:vap11g-500s:-:::::::*

Rows per page:

1-10 of 281

References

www.cisa.gov/news-events/ics-advisories/icsa-24-214-08

CVSS3

8.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

EPSS

0.001

Percentile

17.7%

JSON

Related for NVD:CVE-2024-29082

vulnrichment1 cvelist1 cve1 ics1