industrial wifi bridge relays and wifi bridge repeaters, software versions
3.3.23.6.9 and prior enables an unauthenticated remote attacker to
bypass authentication via a specially crafted direct request when
another user has an active session.
Metrics
Affected Vendors & Products
Solution
No solution given by the vendor.
Workaround
Vonets has not responded to requests to work with CISA to mitigate these vulnerabilities. Users of the affected products are encouraged to contact Vonets support https://usdhs-my.sharepoint.com/personal/grayson_gaylor_associates_cisa_dhs_gov1/_layouts/15/support@vonets.com for additional information.
Wed, 21 Aug 2024 20:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:2.3:a:vonets:vap11g-300_firmware:*:*:*:*:*:*:*:* cpe:2.3:a:vonets:vap11g-500s_firmware:*:*:*:*:*:*:*:* cpe:2.3:a:vonets:vap11g_firmware:*:*:*:*:*:*:*:* cpe:2.3:a:vonets:vap11n-300_firmware:*:*:*:*:*:*:*:* cpe:2.3:a:vonets:vap11s-5g_firmware:*:*:*:*:*:*:*:* cpe:2.3:a:vonets:vap11s_firmware:*:*:*:*:*:*:*:* cpe:2.3:a:vonets:var11n-300_firmware:*:*:*:*:*:*:*:* cpe:2.3:a:vonets:var1200-h_firmware:*:*:*:*:*:*:*:* cpe:2.3:a:vonets:var1200-l_firmware:*:*:*:*:*:*:*:* cpe:2.3:a:vonets:var600-h_firmware:*:*:*:*:*:*:*:* cpe:2.3:a:vonets:vbg1200_firmware:*:*:*:*:*:*:*:* cpe:2.3:a:vonets:vga-1000_firmware:*:*:*:*:*:*:*:* |
Tue, 20 Aug 2024 17:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Vonets vap11ac
Vonets vap11g Vonets vap11g-300 Vonets vap11g-500 Vonets vap11g-500 Firmware Vonets vap11g-500s Vonets vap11n-300 Vonets vap11s Vonets vap11s-5g Vonets var11n-300 Vonets var1200-h Vonets var1200-l Vonets var600-h Vonets vbg1200 Vonets vga-1000 |
|
CPEs | cpe:2.3:h:vonets:vap11ac:-:*:*:*:*:*:*:* cpe:2.3:h:vonets:vap11g-300:-:*:*:*:*:*:*:* cpe:2.3:h:vonets:vap11g-500:-:*:*:*:*:*:*:* cpe:2.3:h:vonets:vap11g-500s:-:*:*:*:*:*:*:* cpe:2.3:h:vonets:vap11g:-:*:*:*:*:*:*:* cpe:2.3:h:vonets:vap11n-300:-:*:*:*:*:*:*:* cpe:2.3:h:vonets:vap11s-5g:-:*:*:*:*:*:*:* cpe:2.3:h:vonets:vap11s:-:*:*:*:*:*:*:* cpe:2.3:h:vonets:var11n-300:-:*:*:*:*:*:*:* cpe:2.3:h:vonets:var1200-h:-:*:*:*:*:*:*:* cpe:2.3:h:vonets:var1200-l:-:*:*:*:*:*:*:* cpe:2.3:h:vonets:var600-h:-:*:*:*:*:*:*:* cpe:2.3:h:vonets:vbg1200:-:*:*:*:*:*:*:* cpe:2.3:h:vonets:vga-1000:-:*:*:*:*:*:*:* cpe:2.3:o:vonets:vap11ac_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:vonets:vap11g-300_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:vonets:vap11g-500_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:vonets:vap11g-500s_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:vonets:vap11g_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:vonets:vap11n-300_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:vonets:vap11s-5g_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:vonets:vap11s_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:vonets:var11n-300_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:vonets:var1200-h_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:vonets:var1200-l_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:vonets:var600-h_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:vonets:vbg1200_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:vonets:vga-1000_firmware:*:*:*:*:*:*:*:* |
|
Vendors & Products |
Vonets vap11ac
Vonets vap11g Vonets vap11g-300 Vonets vap11g-500 Vonets vap11g-500 Firmware Vonets vap11g-500s Vonets vap11n-300 Vonets vap11s Vonets vap11s-5g Vonets var11n-300 Vonets var1200-h Vonets var1200-l Vonets var600-h Vonets vbg1200 Vonets vga-1000 |
Fri, 09 Aug 2024 15:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Vonets
Vonets vap11ac Firmware Vonets vap11g-300 Firmware Vonets vap11g-500s Firmware Vonets vap11g Firmware Vonets vap11n-300 Firmware Vonets vap11s-5g Firmware Vonets vap11s Firmware Vonets var11n-300 Firmware Vonets var1200-h Firmware Vonets var1200-l Firmware Vonets var600-h Firmware Vonets vbg1200 Firmware Vonets vga-1000 Firmware |
|
CPEs | cpe:2.3:a:vonets:vap11ac_firmware:*:*:*:*:*:*:*:* cpe:2.3:a:vonets:vap11g-300_firmware:*:*:*:*:*:*:*:* cpe:2.3:a:vonets:vap11g-500s_firmware:*:*:*:*:*:*:*:* cpe:2.3:a:vonets:vap11g_firmware:*:*:*:*:*:*:*:* cpe:2.3:a:vonets:vap11n-300_firmware:*:*:*:*:*:*:*:* cpe:2.3:a:vonets:vap11s-5g_firmware:*:*:*:*:*:*:*:* cpe:2.3:a:vonets:vap11s_firmware:*:*:*:*:*:*:*:* cpe:2.3:a:vonets:var11n-300_firmware:*:*:*:*:*:*:*:* cpe:2.3:a:vonets:var1200-h_firmware:*:*:*:*:*:*:*:* cpe:2.3:a:vonets:var1200-l_firmware:*:*:*:*:*:*:*:* cpe:2.3:a:vonets:var600-h_firmware:*:*:*:*:*:*:*:* cpe:2.3:a:vonets:vbg1200_firmware:*:*:*:*:*:*:*:* cpe:2.3:a:vonets:vga-1000_firmware:*:*:*:*:*:*:*:* |
|
Vendors & Products |
Vonets
Vonets vap11ac Firmware Vonets vap11g-300 Firmware Vonets vap11g-500s Firmware Vonets vap11g Firmware Vonets vap11n-300 Firmware Vonets vap11s-5g Firmware Vonets vap11s Firmware Vonets var11n-300 Firmware Vonets var1200-h Firmware Vonets var1200-l Firmware Vonets var600-h Firmware Vonets vbg1200 Firmware Vonets vga-1000 Firmware |
|
Metrics |
ssvc
|
Thu, 08 Aug 2024 20:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | An improper authentication vulnerability affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior enables an unauthenticated remote attacker to bypass authentication via a specially crafted direct request when another user has an active session. | |
Title | Vonets WiFi Bridges Forced Browsing | |
Weaknesses | CWE-425 | |
References |
| |
Metrics |
cvssV3_1
|

Status: PUBLISHED
Assigner: icscert
Published:
Updated: 2024-08-21T20:04:53.127Z
Reserved: 2024-07-30T16:15:10.118Z
Link: CVE-2024-42001

Updated: 2024-08-09T14:41:21.390Z

Status : Analyzed
Published: 2024-08-12T13:38:32.140
Modified: 2024-08-20T16:37:05.447
Link: CVE-2024-42001

No data.

No data.