Multiple OS command injection vulnerabilities affecting Vonets
industrial wifi bridge relays and wifi bridge repeaters, software
versions 3.3.23.6.9 and prior, enable an authenticated remote attacker
to execute arbitrary OS commands via various endpoint parameters.
References
Link | Resource |
---|---|
https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-08 | Third Party Advisory US Government Resource |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
Configuration 8 (hide)
AND |
|
Configuration 9 (hide)
AND |
|
Configuration 10 (hide)
AND |
|
Configuration 11 (hide)
AND |
|
Configuration 12 (hide)
AND |
|
Configuration 13 (hide)
AND |
|
Configuration 14 (hide)
AND |
|
History
20 Aug 2024, 17:12
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.9 |
First Time |
Vonets var1200-l Firmware
Vonets vap11n-300 Vonets vap11s-5g Firmware Vonets vap11ac Vonets vap11g-500 Vonets var600-h Vonets var11n-300 Firmware Vonets vap11g-300 Vonets var1200-h Firmware Vonets vap11g Firmware Vonets vap11g-500 Firmware Vonets var11n-300 Vonets vga-1000 Firmware Vonets Vonets vap11ac Firmware Vonets vap11n-300 Firmware Vonets vap11s Vonets vap11s Firmware Vonets var600-h Firmware Vonets vap11g-500s Vonets vga-1000 Vonets vap11s-5g Vonets var1200-l Vonets var1200-h Vonets vbg1200 Firmware Vonets vap11g-500s Firmware Vonets vap11g-300 Firmware Vonets vap11g Vonets vbg1200 |
|
Summary |
|
|
CPE | cpe:2.3:o:vonets:var1200-l_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:vonets:vap11s-5g:-:*:*:*:*:*:*:* cpe:2.3:o:vonets:vap11ac_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:vonets:vap11g-500_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:vonets:vbg1200:-:*:*:*:*:*:*:* cpe:2.3:o:vonets:vap11g-500s_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:vonets:vap11g-500s:-:*:*:*:*:*:*:* cpe:2.3:h:vonets:vap11g:-:*:*:*:*:*:*:* cpe:2.3:o:vonets:var1200-h_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:vonets:vap11g-500:-:*:*:*:*:*:*:* cpe:2.3:h:vonets:var600-h:-:*:*:*:*:*:*:* cpe:2.3:o:vonets:vap11g-300_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:vonets:vap11s:-:*:*:*:*:*:*:* cpe:2.3:o:vonets:vap11g_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:vonets:vbg1200_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:vonets:vga-1000:-:*:*:*:*:*:*:* cpe:2.3:o:vonets:vap11s-5g_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:vonets:vap11g-300:-:*:*:*:*:*:*:* cpe:2.3:h:vonets:vap11n-300:-:*:*:*:*:*:*:* cpe:2.3:o:vonets:vap11s_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:vonets:var11n-300:-:*:*:*:*:*:*:* cpe:2.3:o:vonets:vap11n-300_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:vonets:vap11ac:-:*:*:*:*:*:*:* cpe:2.3:h:vonets:var1200-l:-:*:*:*:*:*:*:* cpe:2.3:o:vonets:var11n-300_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:vonets:var1200-h:-:*:*:*:*:*:*:* cpe:2.3:o:vonets:vga-1000_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:vonets:var600-h_firmware:*:*:*:*:*:*:*:* |
|
References | () https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-08 - Third Party Advisory, US Government Resource |
12 Aug 2024, 13:41
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-08-12 13:38
Updated : 2024-08-20 17:12
NVD link : CVE-2024-37023
Mitre link : CVE-2024-37023
CVE.ORG link : CVE-2024-37023
JSON object : View
Products Affected
vonets
- var1200-l
- vap11n-300_firmware
- vbg1200
- var1200-l_firmware
- var11n-300_firmware
- vap11g_firmware
- vap11g-300_firmware
- var600-h_firmware
- vbg1200_firmware
- vap11ac
- vga-1000
- vap11s-5g_firmware
- var11n-300
- vap11s
- vga-1000_firmware
- vap11s_firmware
- var1200-h_firmware
- var600-h
- vap11g-500s
- var1200-h
- vap11g-500_firmware
- vap11n-300
- vap11g-500s_firmware
- vap11g-300
- vap11g
- vap11ac_firmware
- vap11s-5g
- vap11g-500
CWE
CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')