CVE-2024-39791

Stack-based buffer overflow vulnerabilities affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior, enable an unauthenticated remote attacker to execute arbitrary code.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-08	Third Party Advisory US Government Resource

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:vonets:var1200-h_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:vonets:var1200-h:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:vonets:var1200-l_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:vonets:var1200-l:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:vonets:var600-h_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:vonets:var600-h:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:vonets:vap11ac_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:vonets:vap11ac:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:vonets:vap11g-500s_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:vonets:vap11g-500s:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:vonets:vbg1200_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:vonets:vbg1200:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:vonets:vap11s-5g_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:vonets:vap11s-5g:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:vonets:vap11s_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:vonets:vap11s:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:vonets:var11n-300_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:vonets:var11n-300:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:vonets:vap11g-300_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:vonets:vap11g-300:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:vonets:vap11n-300_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:vonets:vap11n-300:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:vonets:vap11g_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:vonets:vap11g:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:vonets:vap11g-500_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:vonets:vap11g-500:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:vonets:vga-1000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:vonets:vga-1000:-:*:*:*:*:*:*:*

History

20 Aug 2024, 17:15

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~10.0~~	v2 : unknown v3 : 9.8
Summary		(es) Vulnerabilidades de desbordamiento de búfer basadas en pila que afectan a los relés de puente wifi industriales y a los repetidores de puente wifi de Vonets, versiones de software 3.3.23.6.9 y anteriores, permiten que un atacante remoto no autenticado ejecute código arbitrario.
CPE		cpe:2.3:o:vonets:var1200-l_firmware:::::::: cpe:2.3:h:vonets:vap11s-5g:-:::::::* cpe:2.3:o:vonets:vap11ac_firmware:::::::: cpe:2.3:o:vonets:vap11g-500_firmware:::::::: cpe:2.3:h:vonets:vbg1200:-:::::::* cpe:2.3:o:vonets:vap11g-500s_firmware:::::::: cpe:2.3:h:vonets:vap11g-500s:-:::::::* cpe:2.3:h:vonets:vap11g:-:::::::* cpe:2.3:o:vonets:var1200-h_firmware:::::::: cpe:2.3:h:vonets:vap11g-500:-:::::::* cpe:2.3:h:vonets:var600-h:-:::::::* cpe:2.3:o:vonets:vap11g-300_firmware:::::::: cpe:2.3:h:vonets:vap11s:-:::::::* cpe:2.3:o:vonets:vap11g_firmware:::::::: cpe:2.3:o:vonets:vbg1200_firmware:::::::: cpe:2.3:h:vonets:vga-1000:-:::::::* cpe:2.3:o:vonets:vap11s-5g_firmware:::::::: cpe:2.3:h:vonets:vap11g-300:-:::::::* cpe:2.3:h:vonets:vap11n-300:-:::::::* cpe:2.3:o:vonets:vap11s_firmware:::::::: cpe:2.3:h:vonets:var11n-300:-:::::::* cpe:2.3:o:vonets:vap11n-300_firmware:::::::: cpe:2.3:h:vonets:vap11ac:-:::::::* cpe:2.3:h:vonets:var1200-l:-:::::::* cpe:2.3:o:vonets:var11n-300_firmware:::::::: cpe:2.3:h:vonets:var1200-h:-:::::::* cpe:2.3:o:vonets:vga-1000_firmware:::::::: cpe:2.3:o:vonets:var600-h_firmware::::::::
CWE		CWE-787
References	~~() https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-08 -~~	() https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-08 - Third Party Advisory, US Government Resource
First Time		Vonets var1200-l Firmware Vonets vap11n-300 Vonets vap11s-5g Firmware Vonets vap11ac Vonets vap11g-500 Vonets var600-h Vonets var11n-300 Firmware Vonets vap11g-300 Vonets var1200-h Firmware Vonets vap11g Firmware Vonets vap11g-500 Firmware Vonets var11n-300 Vonets vga-1000 Firmware Vonets Vonets vap11ac Firmware Vonets vap11n-300 Firmware Vonets vap11s Vonets vap11s Firmware Vonets var600-h Firmware Vonets vap11g-500s Vonets vga-1000 Vonets vap11s-5g Vonets var1200-l Vonets var1200-h Vonets vbg1200 Firmware Vonets vap11g-500s Firmware Vonets vap11g-300 Firmware Vonets vap11g Vonets vbg1200

12 Aug 2024, 13:41

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-08-12 13:38

Updated : 2024-08-20 17:15

NVD link : CVE-2024-39791

Mitre link : CVE-2024-39791

CVE.ORG link : CVE-2024-39791

JSON object : View

Products Affected

vonets

var11n-300_firmware
vap11s-5g
var1200-l
vap11g-500_firmware
vap11g-500s_firmware
vbg1200
var600-h_firmware
vga-1000_firmware
vap11ac
vap11g-500s
var1200-l_firmware
vap11g-300_firmware
vap11g-500
var1200-h
vap11n-300_firmware
vap11s-5g_firmware
vga-1000
vap11s
var11n-300
vap11g-300
vap11g_firmware
var600-h
vap11s_firmware
vap11ac_firmware
var1200-h_firmware
vap11g
vap11n-300
vbg1200_firmware

CWE

CWE-787

Out-of-bounds Write

CWE-121

Stack-based Buffer Overflow

{"id": "CVE-2024-39791", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 10.0, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "cvssData": {"safety": "NOT_DEFINED", "version": "4.0", "recovery": "NOT_DEFINED", "baseScore": 10.0, "automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "modifiedAttackVector": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subsequentSystemIntegrity": "HIGH", "vulnerableSystemIntegrity": "HIGH", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "confidentialityRequirements": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "subsequentSystemAvailability": "HIGH", "vulnerableSystemAvailability": "HIGH", "subsequentSystemConfidentiality": "HIGH", "vulnerableSystemConfidentiality": "HIGH", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED"}}]}, "published": "2024-08-12T13:38:24.857", "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-08", "tags": ["Third Party Advisory", "US Government Resource"], "source": "ics-cert@hq.dhs.gov"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}, {"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "description": [{"lang": "en", "value": "CWE-121"}]}], "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow vulnerabilities affecting Vonets\n\n\n\n \n\n industrial wifi bridge relays and wifi bridge repeaters, software versions \n3.3.23.6.9 and prior, enable an unauthenticated remote attacker to \nexecute arbitrary code."}, {"lang": "es", "value": "Vulnerabilidades de desbordamiento de b\u00fafer basadas en pila que afectan a los rel\u00e9s de puente wifi industriales y a los repetidores de puente wifi de Vonets, versiones de software 3.3.23.6.9 y anteriores, permiten que un atacante remoto no autenticado ejecute c\u00f3digo arbitrario."}], "lastModified": "2024-08-20T17:15:56.067", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:vonets:var1200-h_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "94DAF720-5399-46A2-A9AB-3831045B86D2", "versionEndIncluding": "3.3.23.6.9"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:vonets:var1200-h:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "6D2E3C6A-6CC6-4954-B06C-3F023C964426"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:vonets:var1200-l_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "273874D4-43E0-44D4-AB4E-D66DE1F1B824", "versionEndIncluding": "3.3.23.6.9"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:vonets:var1200-l:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2C4B65A1-D625-4712-8311-685CA0A6438B"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:vonets:var600-h_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ADCC4730-7801-485C-994F-DB7B942AA9F4", "versionEndIncluding": "3.3.23.6.9"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:vonets:var600-h:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "DB22B21B-526A-4119-9278-E84138D523E4"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:vonets:vap11ac_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C007C620-CAF2-436E-AAA9-C012CEFCEA3B", "versionEndIncluding": "3.3.23.6.9"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:vonets:vap11ac:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "21B9AA55-A333-4D10-A9D8-19558465F56E"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:vonets:vap11g-500s_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FDC4DF91-B718-4CFE-BEE7-4E9CFF121C01", "versionEndIncluding": "3.3.23.6.9"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:vonets:vap11g-500s:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C9EC2642-6A5B-4DA8-A675-B9F3CAD9B35E"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:vonets:vbg1200_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5BFA8106-50EE-428D-9297-930CE9CC99C1", "versionEndIncluding": "3.3.23.6.9"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:vonets:vbg1200:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "AE4D6B12-50A8-4314-AEDA-E3C669F772C9"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:vonets:vap11s-5g_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D95A2EE8-B22F-4671-8DF8-3757A335B006", "versionEndIncluding": "3.3.23.6.9"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:vonets:vap11s-5g:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "66E94FE6-235A-46F0-81B0-DFF88C454BB1"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:vonets:vap11s_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "060B7C85-806D-45B3-8268-10AC5E475171", "versionEndIncluding": "3.3.23.6.9"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:vonets:vap11s:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C434D025-8361-4C2D-AC7D-4E4A44237C27"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:vonets:var11n-300_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3DFA50C3-2B3E-4755-98FB-63CED2CA7B8F", "versionEndIncluding": "3.3.23.6.9"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:vonets:var11n-300:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "95D5A3C0-8303-4E77-9DE1-75FD9DAED295"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:vonets:vap11g-300_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "42E71F95-814C-4EDA-8647-B03CA6AAFDEB", "versionEndIncluding": "3.3.23.6.9"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:vonets:vap11g-300:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2B23375E-0E77-4423-AEDA-9A9F26052834"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:vonets:vap11n-300_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7018E246-D211-4366-8664-90B00E68AA74", "versionEndIncluding": "3.3.23.6.9"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:vonets:vap11n-300:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "ADE0116E-37B8-4E0A-8874-A59989712743"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:vonets:vap11g_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C9C1B20A-8F03-4C6E-8715-B68DBBBAFB97", "versionEndIncluding": "3.3.23.6.9"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:vonets:vap11g:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F510F0DC-C170-45A3-989B-2FA8791B4FC1"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:vonets:vap11g-500_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "52909496-4BEB-43DB-80E3-F710BCA0CAA5", "versionEndIncluding": "3.3.23.6.9"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:vonets:vap11g-500:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B61E3489-034E-4DD2-8699-477647462CF7"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:vonets:vga-1000_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1FAF11BE-F3F4-4D40-9156-DDB2FFBF9470", "versionEndIncluding": "3.3.23.6.9"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:vonets:vga-1000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "DA90833B-D40E-42F0-8ECF-86C90E4511C4"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "ics-cert@hq.dhs.gov"}

9.8 /10