Lucene search

[email protected]NVD:CVE-2024-41936

HistoryAug 12, 2024 - 1:38 p.m.

CVE-2024-41936

2024-08-1213:38:31

CWE-22

[email protected]

web.nvd.nist.gov

cve-2024-41936

vonets

industrial wifi bridge

directory traversal

remote attacker

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

39.1%

JSON

A directory traversal vulnerability affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9
and prior, enables an unauthenticated remote attacker to read arbitrary
files and bypass authentication.

Affected configurations

Nvd

Node

vonetsvar1200-h_firmwareRange≤3.3.23.6.9

AND

vonetsvar1200-hMatch-

Node

vonetsvar1200-l_firmwareRange≤3.3.23.6.9

AND

vonetsvar1200-lMatch-

Node

vonetsvar600-h_firmwareRange≤3.3.23.6.9

AND

vonetsvar600-hMatch-

Node

vonetsvap11ac_firmwareRange≤3.3.23.6.9

AND

vonetsvap11acMatch-

Node

vonetsvap11g-500s_firmwareRange≤3.3.23.6.9

AND

vonetsvap11g-500sMatch-

Node

vonetsvbg1200_firmwareRange≤3.3.23.6.9

AND

vonetsvbg1200Match-

Node

vonetsvap11s-5g_firmwareRange≤3.3.23.6.9

AND

vonetsvap11s-5gMatch-

Node

vonetsvap11s_firmwareRange≤3.3.23.6.9

AND

vonetsvap11sMatch-

Node

vonetsvar11n-300_firmwareRange≤3.3.23.6.9

AND

vonetsvar11n-300Match-

Node

vonetsvap11g-300_firmwareRange≤3.3.23.6.9

AND

vonetsvap11g-300Match-

Node

vonetsvap11n-300_firmwareRange≤3.3.23.6.9

AND

vonetsvap11n-300Match-

Node

vonetsvap11g_firmwareRange≤3.3.23.6.9

AND

vonetsvap11gMatch-

Node

vonetsvap11g-500_firmwareRange≤3.3.23.6.9

AND

vonetsvap11g-500Match-

Node

vonetsvga-1000_firmwareRange≤3.3.23.6.9

AND

vonetsvga-1000Match-

VendorProductVersionCPE
vonetsvar1200-h_firmware*cpe:2.3:o:vonets:var1200-h_firmware:*:*:*:*:*:*:*:*
vonetsvar1200-h-cpe:2.3:h:vonets:var1200-h:-:*:*:*:*:*:*:*
vonetsvar1200-l_firmware*cpe:2.3:o:vonets:var1200-l_firmware:*:*:*:*:*:*:*:*
vonetsvar1200-l-cpe:2.3:h:vonets:var1200-l:-:*:*:*:*:*:*:*
vonetsvar600-h_firmware*cpe:2.3:o:vonets:var600-h_firmware:*:*:*:*:*:*:*:*
vonetsvar600-h-cpe:2.3:h:vonets:var600-h:-:*:*:*:*:*:*:*
vonetsvap11ac_firmware*cpe:2.3:o:vonets:vap11ac_firmware:*:*:*:*:*:*:*:*
vonetsvap11ac-cpe:2.3:h:vonets:vap11ac:-:*:*:*:*:*:*:*
vonetsvap11g-500s_firmware*cpe:2.3:o:vonets:vap11g-500s_firmware:*:*:*:*:*:*:*:*
vonetsvap11g-500s-cpe:2.3:h:vonets:vap11g-500s:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
vonets	var1200-h_firmware	*	cpe:2.3:o:vonets:var1200-h_firmware::::::::
vonets	var1200-h	-	cpe:2.3:h:vonets:var1200-h:-:::::::*
vonets	var1200-l_firmware	*	cpe:2.3:o:vonets:var1200-l_firmware::::::::
vonets	var1200-l	-	cpe:2.3:h:vonets:var1200-l:-:::::::*
vonets	var600-h_firmware	*	cpe:2.3:o:vonets:var600-h_firmware::::::::
vonets	var600-h	-	cpe:2.3:h:vonets:var600-h:-:::::::*
vonets	vap11ac_firmware	*	cpe:2.3:o:vonets:vap11ac_firmware::::::::
vonets	vap11ac	-	cpe:2.3:h:vonets:vap11ac:-:::::::*
vonets	vap11g-500s_firmware	*	cpe:2.3:o:vonets:vap11g-500s_firmware::::::::
vonets	vap11g-500s	-	cpe:2.3:h:vonets:vap11g-500s:-:::::::*

Rows per page:

1-10 of 281

References

www.cisa.gov/news-events/ics-advisories/icsa-24-214-08

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

39.1%

JSON

Related for NVD:CVE-2024-41936

cvelist1 vulnrichment1 cve1 ics1