CVE-2024-29082

Published: Aug 12, 2024Modified: Aug 20, 2024

8.8

Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less

Source: ics-cert@hq.dhs.gov (Secondary)

Description

Improper access control vulnerability affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior, enables an unauthenticated remote attacker to bypass authentication and factory reset the device via unprotected goform endpoints.

Affected (14)

Products: Vonets: Var1200 H Firmware, Var1200 L Firmware, Var600 H Firmware, Vap11ac Firmware, Vap11g 500s Firmware, Vbg1200 Firmware, Vap11s 5g Firmware, Vap11s Firmware, Var11n 300 Firmware, Vap11g 300 Firmware, Vap11n 300 Firmware, Vap11g Firmware, Vap11g 500 Firmware, Vga 1000 Firmware

14 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Vonets Var1200 H Firmware	Up to 3.3.23.6.9

Running on/with	Platform Versions
Vonets Var1200 H	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Vonets Var1200 L Firmware	Up to 3.3.23.6.9

Running on/with	Platform Versions
Vonets Var1200 L	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Vonets Var600 H Firmware	Up to 3.3.23.6.9

Running on/with	Platform Versions
Vonets Var600 H	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Vonets Vap11ac Firmware	Up to 3.3.23.6.9

Running on/with	Platform Versions
Vonets Vap11ac	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Vonets Vap11g 500s Firmware	Up to 3.3.23.6.9

Running on/with	Platform Versions
Vonets Vap11g 500s	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Vonets Vbg1200 Firmware	Up to 3.3.23.6.9

Running on/with	Platform Versions
Vonets Vbg1200	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Vonets Vap11s 5g Firmware	Up to 3.3.23.6.9

Running on/with	Platform Versions
Vonets Vap11s 5g	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Vonets Vap11s Firmware	Up to 3.3.23.6.9

Running on/with	Platform Versions
Vonets Vap11s	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Vonets Var11n 300 Firmware	Up to 3.3.23.6.9

Running on/with	Platform Versions
Vonets Var11n 300	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Vonets Vap11g 300 Firmware	Up to 3.3.23.6.9

Running on/with	Platform Versions
Vonets Vap11g 300	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Vonets Vap11n 300 Firmware	Up to 3.3.23.6.9

Running on/with	Platform Versions
Vonets Vap11n 300	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Vonets Vap11g Firmware	Up to 3.3.23.6.9

Running on/with	Platform Versions
Vonets Vap11g	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Vonets Vap11g 500 Firmware	Up to 3.3.23.6.9

Running on/with	Platform Versions
Vonets Vap11g 500	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Vonets Vga 1000 Firmware	Up to 3.3.23.6.9

Running on/with	Platform Versions
Vonets Vga 1000	All versions

Related CWEs

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (1)

https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-08

Source: ics-cert@hq.dhs.gov

Third Party AdvisoryUS Government Resource

Timeline

No history available yet.