CVE-2024-39815

Published: Aug 12, 2024Modified: Aug 20, 2024

9.4

Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less

Source: ics-cert@hq.dhs.gov (Secondary)

Description

Improper check or handling of exceptional conditions vulnerability affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior, enable an unauthenticated remote attacker to cause a denial of service. A specially-crafted HTTP request to pre-authentication resources can crash the service.

Affected (14)

Products: Vonets: Var1200 H Firmware, Var1200 L Firmware, Var600 H Firmware, Vap11ac Firmware, Vap11g 500s Firmware, Vbg1200 Firmware, Vap11s 5g Firmware, Vap11s Firmware, Var11n 300 Firmware, Vap11g 300 Firmware, Vap11n 300 Firmware, Vap11g Firmware, Vap11g 500 Firmware, Vga 1000 Firmware

14 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Vonets Var1200 H Firmware	Up to 3.3.23.6.9

Running on/with	Platform Versions
Vonets Var1200 H	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Vonets Var1200 L Firmware	Up to 3.3.23.6.9

Running on/with	Platform Versions
Vonets Var1200 L	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Vonets Var600 H Firmware	Up to 3.3.23.6.9

Running on/with	Platform Versions
Vonets Var600 H	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Vonets Vap11ac Firmware	Up to 3.3.23.6.9

Running on/with	Platform Versions
Vonets Vap11ac	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Vonets Vap11g 500s Firmware	Up to 3.3.23.6.9

Running on/with	Platform Versions
Vonets Vap11g 500s	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Vonets Vbg1200 Firmware	Up to 3.3.23.6.9

Running on/with	Platform Versions
Vonets Vbg1200	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Vonets Vap11s 5g Firmware	Up to 3.3.23.6.9

Running on/with	Platform Versions
Vonets Vap11s 5g	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Vonets Vap11s Firmware	Up to 3.3.23.6.9

Running on/with	Platform Versions
Vonets Vap11s	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Vonets Var11n 300 Firmware	Up to 3.3.23.6.9

Running on/with	Platform Versions
Vonets Var11n 300	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Vonets Vap11g 300 Firmware	Up to 3.3.23.6.9

Running on/with	Platform Versions
Vonets Vap11g 300	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Vonets Vap11n 300 Firmware	Up to 3.3.23.6.9

Running on/with	Platform Versions
Vonets Vap11n 300	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Vonets Vap11g Firmware	Up to 3.3.23.6.9

Running on/with	Platform Versions
Vonets Vap11g	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Vonets Vap11g 500 Firmware	Up to 3.3.23.6.9

Running on/with	Platform Versions
Vonets Vap11g 500	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Vonets Vga 1000 Firmware	Up to 3.3.23.6.9

Running on/with	Platform Versions
Vonets Vga 1000	All versions

Related CWEs

CWE-703

Improper Check or Handling of Exceptional Conditions

The product does not properly anticipate or handle exceptional conditions that rarely occur during normal operation of the product.

References (1)

https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-08

Source: ics-cert@hq.dhs.gov

Third Party AdvisoryUS Government Resource

Timeline

No history available yet.