← Back

CVE-2024-42001

nvd nist
Published: Aug 12, 2024Modified: Aug 20, 2024

JSON object

Loading...
6.1
Vector
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Show more
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less
Source: ics-cert@hq.dhs.gov (Secondary)

Description

An improper authentication vulnerability affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior enables an unauthenticated remote attacker to bypass authentication via a specially crafted direct request when another user has an active session.

Affected (14)

Vonets
14 products
Var1200 H Firmware
Var1200 L Firmware
Var600 H Firmware
Vap11ac Firmware
Vap11g 500s Firmware
Vbg1200 Firmware
Vap11s 5g Firmware
Vap11s Firmware
Var11n 300 Firmware
Vap11g 300 Firmware
Vap11n 300 Firmware
Vap11g Firmware
Vap11g 500 Firmware
Vga 1000 Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Var1200 H Firmware
Up to 3.3.23.6.9
Running on/withPlatform Versions
Vonets
Var1200 H
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Var1200 L Firmware
Up to 3.3.23.6.9
Running on/withPlatform Versions
Vonets
Var1200 L
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Var600 H Firmware
Up to 3.3.23.6.9
Running on/withPlatform Versions
Vonets
Var600 H
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Vap11ac Firmware
Up to 3.3.23.6.9
Running on/withPlatform Versions
Vonets
Vap11ac
All versions
Configuration E
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Vap11g 500s Firmware
Up to 3.3.23.6.9
Running on/withPlatform Versions
Vonets
Vap11g 500s
All versions
Configuration F
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Vbg1200 Firmware
Up to 3.3.23.6.9
Running on/withPlatform Versions
Vonets
Vbg1200
All versions
Configuration G
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Vap11s 5g Firmware
Up to 3.3.23.6.9
Running on/withPlatform Versions
Vonets
Vap11s 5g
All versions
Configuration H
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Vap11s Firmware
Up to 3.3.23.6.9
Running on/withPlatform Versions
Vonets
Vap11s
All versions
Configuration I
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Var11n 300 Firmware
Up to 3.3.23.6.9
Running on/withPlatform Versions
Vonets
Var11n 300
All versions
Configuration J
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Vap11g 300 Firmware
Up to 3.3.23.6.9
Running on/withPlatform Versions
Vonets
Vap11g 300
All versions
Configuration K
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Vap11n 300 Firmware
Up to 3.3.23.6.9
Running on/withPlatform Versions
Vonets
Vap11n 300
All versions
Configuration L
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Vap11g Firmware
Up to 3.3.23.6.9
Running on/withPlatform Versions
Vonets
Vap11g
All versions
Configuration M
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Vap11g 500 Firmware
Up to 3.3.23.6.9
Running on/withPlatform Versions
Vonets
Vap11g 500
All versions
Configuration N
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Vga 1000 Firmware
Up to 3.3.23.6.9
Running on/withPlatform Versions
Vonets
Vga 1000
All versions

Related CWEs

CWE-425
Direct Request ('Forced Browsing')
The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files.

References (1)

Source: ics-cert@hq.dhs.gov
Third Party AdvisoryUS Government Resource

Timeline

No history available yet.