CVE-2024-41936

A directory traversal vulnerability affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior, enables an unauthenticated remote attacker to read arbitrary files and bypass authentication.
References
Link Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-08 Third Party Advisory US Government Resource
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:vonets:var1200-h_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:vonets:var1200-h:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:vonets:var1200-l_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:vonets:var1200-l:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:vonets:var600-h_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:vonets:var600-h:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:vonets:vap11ac_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:vonets:vap11ac:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:vonets:vap11g-500s_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:vonets:vap11g-500s:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:vonets:vbg1200_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:vonets:vbg1200:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:vonets:vap11s-5g_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:vonets:vap11s-5g:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:vonets:vap11s_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:vonets:vap11s:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:vonets:var11n-300_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:vonets:var11n-300:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:vonets:vap11g-300_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:vonets:vap11g-300:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:vonets:vap11n-300_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:vonets:vap11n-300:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:vonets:vap11g_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:vonets:vap11g:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:vonets:vap11g-500_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:vonets:vap11g-500:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:vonets:vga-1000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:vonets:vga-1000:-:*:*:*:*:*:*:*

History

20 Aug 2024, 16:26

Type Values Removed Values Added
CPE cpe:2.3:o:vonets:var1200-l_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:vonets:vap11s-5g:-:*:*:*:*:*:*:*
cpe:2.3:o:vonets:vap11ac_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:vonets:vap11g-500_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:vonets:vbg1200:-:*:*:*:*:*:*:*
cpe:2.3:o:vonets:vap11g-500s_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:vonets:vap11g-500s:-:*:*:*:*:*:*:*
cpe:2.3:h:vonets:vap11g:-:*:*:*:*:*:*:*
cpe:2.3:o:vonets:var1200-h_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:vonets:vap11g-500:-:*:*:*:*:*:*:*
cpe:2.3:h:vonets:var600-h:-:*:*:*:*:*:*:*
cpe:2.3:o:vonets:vap11g-300_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:vonets:vap11s:-:*:*:*:*:*:*:*
cpe:2.3:o:vonets:vap11g_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:vonets:vbg1200_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:vonets:vga-1000:-:*:*:*:*:*:*:*
cpe:2.3:o:vonets:vap11s-5g_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:vonets:vap11g-300:-:*:*:*:*:*:*:*
cpe:2.3:h:vonets:vap11n-300:-:*:*:*:*:*:*:*
cpe:2.3:o:vonets:vap11s_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:vonets:var11n-300:-:*:*:*:*:*:*:*
cpe:2.3:o:vonets:vap11n-300_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:vonets:vap11ac:-:*:*:*:*:*:*:*
cpe:2.3:h:vonets:var1200-l:-:*:*:*:*:*:*:*
cpe:2.3:o:vonets:var11n-300_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:vonets:var1200-h:-:*:*:*:*:*:*:*
cpe:2.3:o:vonets:vga-1000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:vonets:var600-h_firmware:*:*:*:*:*:*:*:*
First Time Vonets var1200-l Firmware
Vonets vap11n-300
Vonets vap11s-5g Firmware
Vonets vap11ac
Vonets vap11g-500
Vonets var600-h
Vonets var11n-300 Firmware
Vonets vap11g-300
Vonets var1200-h Firmware
Vonets vap11g Firmware
Vonets vap11g-500 Firmware
Vonets var11n-300
Vonets vga-1000 Firmware
Vonets
Vonets vap11ac Firmware
Vonets vap11n-300 Firmware
Vonets vap11s
Vonets vap11s Firmware
Vonets var600-h Firmware
Vonets vap11g-500s
Vonets vga-1000
Vonets vap11s-5g
Vonets var1200-l
Vonets var1200-h
Vonets vbg1200 Firmware
Vonets vap11g-500s Firmware
Vonets vap11g-300 Firmware
Vonets vap11g
Vonets vbg1200
Summary
  • (es) Una vulnerabilidad de directory traversal que afecta a los relés de puente wifi industriales y a los repetidores de puente wifi de Vonets, versiones de software 3.3.23.6.9 y anteriores, permite a un atacante remoto no autenticado leer archivos arbitrarios y eludir la autenticación.
References () https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-08 - () https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-08 - Third Party Advisory, US Government Resource

12 Aug 2024, 13:41

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-12 13:38

Updated : 2024-08-20 16:26


NVD link : CVE-2024-41936

Mitre link : CVE-2024-41936

CVE.ORG link : CVE-2024-41936


JSON object : View

Products Affected

vonets

  • var1200-l
  • vap11n-300_firmware
  • vbg1200
  • var1200-l_firmware
  • var11n-300_firmware
  • vap11g_firmware
  • vap11g-300_firmware
  • var600-h_firmware
  • vbg1200_firmware
  • vap11ac
  • vga-1000
  • vap11s-5g_firmware
  • var11n-300
  • vap11s
  • vga-1000_firmware
  • vap11s_firmware
  • var1200-h_firmware
  • var600-h
  • vap11g-500s
  • var1200-h
  • vap11g-500_firmware
  • vap11n-300
  • vap11g-500s_firmware
  • vap11g-300
  • vap11g
  • vap11ac_firmware
  • vap11s-5g
  • vap11g-500
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')