CVE-2024-41161

Published: Aug 8, 2024Modified: Aug 20, 2024

8.7

Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less

Source: ics-cert@hq.dhs.gov (Secondary)

Description

Use of hard-coded credentials vulnerability affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior, enables an unauthenticated remote attacker to bypass authentication using hard-coded administrator credentials. These accounts cannot be disabled.

Affected (14)

Products: Vonets: Var1200 H Firmware, Var1200 L Firmware, Var600 H Firmware, Vap11ac Firmware, Vap11g 500s Firmware, Vbg1200 Firmware, Vap11s 5g Firmware, Vap11s Firmware, Var11n 300 Firmware, Vap11g 300 Firmware, Vap11n 300 Firmware, Vap11g Firmware, Vap11g 500 Firmware, Vga 1000 Firmware

14 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Vonets Var1200 H Firmware	Up to 3.3.23.6.9

Running on/with	Platform Versions
Vonets Var1200 H	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Vonets Var1200 L Firmware	Up to 3.3.23.6.9

Running on/with	Platform Versions
Vonets Var1200 L	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Vonets Var600 H Firmware	Up to 3.3.23.6.9

Running on/with	Platform Versions
Vonets Var600 H	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Vonets Vap11ac Firmware	Up to 3.3.23.6.9

Running on/with	Platform Versions
Vonets Vap11ac	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Vonets Vap11g 500s Firmware	Up to 3.3.23.6.9

Running on/with	Platform Versions
Vonets Vap11g 500s	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Vonets Vbg1200 Firmware	Up to 3.3.23.6.9

Running on/with	Platform Versions
Vonets Vbg1200	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Vonets Vap11s 5g Firmware	Up to 3.3.23.6.9

Running on/with	Platform Versions
Vonets Vap11s 5g	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Vonets Vap11s Firmware	Up to 3.3.23.6.9

Running on/with	Platform Versions
Vonets Vap11s	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Vonets Var11n 300 Firmware	Up to 3.3.23.6.9

Running on/with	Platform Versions
Vonets Var11n 300	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Vonets Vap11g 300 Firmware	Up to 3.3.23.6.9

Running on/with	Platform Versions
Vonets Vap11g 300	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Vonets Vap11n 300 Firmware	Up to 3.3.23.6.9

Running on/with	Platform Versions
Vonets Vap11n 300	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Vonets Vap11g Firmware	Up to 3.3.23.6.9

Running on/with	Platform Versions
Vonets Vap11g	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Vonets Vap11g 500 Firmware	Up to 3.3.23.6.9

Running on/with	Platform Versions
Vonets Vap11g 500	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Vonets Vga 1000 Firmware	Up to 3.3.23.6.9

Running on/with	Platform Versions
Vonets Vga 1000	All versions

Related CWEs

CWE-798

Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

References (1)

https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-08

Source: ics-cert@hq.dhs.gov

Third Party AdvisoryUS Government Resource

Timeline

No history available yet.