CVE-2024-39791
10.0
Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Source: ics-cert@hq.dhs.gov (Secondary)
Description
Stack-based buffer overflow vulnerabilities affecting Vonets
industrial wifi bridge relays and wifi bridge repeaters, software versions
3.3.23.6.9 and prior, enable an unauthenticated remote attacker to
execute arbitrary code.
Affected (14)

| Configuration | Vulnerable Software | Affected Versions | Running on/with | Platform Versions |
|---|---|---|---|---|
| A | | Up to 3.3.23.6.9 | Vonets Var1200 H | All versions |
| B | | Up to 3.3.23.6.9 | Vonets Var1200 L | All versions |
| C | | Up to 3.3.23.6.9 | Vonets Var600 H | All versions |
| D | | Up to 3.3.23.6.9 | Vonets Vap11ac | All versions |
| E | | Up to 3.3.23.6.9 | Vonets Vap11g 500s | All versions |
| F | | Up to 3.3.23.6.9 | Vonets Vbg1200 | All versions |
| G | | Up to 3.3.23.6.9 | Vonets Vap11s 5g | All versions |
| H | | Up to 3.3.23.6.9 | Vonets Vap11s | All versions |
| I | | Up to 3.3.23.6.9 | Vonets Var11n 300 | All versions |
| J | | Up to 3.3.23.6.9 | Vonets Vap11g 300 | All versions |
| K | | Up to 3.3.23.6.9 | Vonets Vap11n 300 | All versions |
| L | | Up to 3.3.23.6.9 | Vonets Vap11g | All versions |
| M | | Up to 3.3.23.6.9 | Vonets Vap11g 500 | All versions |
| N | | Up to 3.3.23.6.9 | Vonets Vga 1000 | All versions |

Related CWEs
CWE-121
Stack-based Buffer Overflow
A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
CWE-787
Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.
References (1)
Source: ics-cert@hq.dhs.gov
Third Party Advisory, US Government Resource