A directory traversal vulnerability affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior, enables an unauthenticated remote attacker to read arbitrary files and bypass authentication.
References
Link | Resource |
---|---|
https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-08 | Third Party Advisory, US Government Resource |
History
20 Aug 2024, 16:26
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:vonets:var1200-l_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:vonets:vap11s-5g:-:*:*:*:*:*:*:* cpe:2.3:o:vonets:vap11ac_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:vonets:vap11g-500_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:vonets:vbg1200:-:*:*:*:*:*:*:* cpe:2.3:o:vonets:vap11g-500s_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:vonets:vap11g-500s:-:*:*:*:*:*:*:* cpe:2.3:h:vonets:vap11g:-:*:*:*:*:*:*:* cpe:2.3:o:vonets:var1200-h_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:vonets:vap11g-500:-:*:*:*:*:*:*:* cpe:2.3:h:vonets:var600-h:-:*:*:*:*:*:*:* cpe:2.3:o:vonets:vap11g-300_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:vonets:vap11s:-:*:*:*:*:*:*:* cpe:2.3:o:vonets:vap11g_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:vonets:vbg1200_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:vonets:vga-1000:-:*:*:*:*:*:*:* cpe:2.3:o:vonets:vap11s-5g_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:vonets:vap11g-300:-:*:*:*:*:*:*:* cpe:2.3:h:vonets:vap11n-300:-:*:*:*:*:*:*:* cpe:2.3:o:vonets:vap11s_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:vonets:var11n-300:-:*:*:*:*:*:*:* cpe:2.3:o:vonets:vap11n-300_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:vonets:vap11ac:-:*:*:*:*:*:*:* cpe:2.3:h:vonets:var1200-l:-:*:*:*:*:*:*:* cpe:2.3:o:vonets:var11n-300_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:vonets:var1200-h:-:*:*:*:*:*:*:* cpe:2.3:o:vonets:vga-1000_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:vonets:var600-h_firmware:*:*:*:*:*:*:*:* |
First Time | Vonets var1200-l Firmware, Vonets vap11n-300, Vonets vap11s-5g Firmware, Vonets vap11ac, Vonets vap11g-500, Vonets var600-h, Vonets var11n-300 Firmware, Vonets vap11g-300, Vonets var1200-h Firmware, Vonets vap11g Firmware, Vonets vap11g-500 Firmware, Vonets var11n-300, Vonets vga-1000 Firmware, Vonets, Vonets vap11ac Firmware, Vonets vap11n-300 Firmware, Vonets vap11s, Vonets vap11s Firmware, Vonets var600-h Firmware, Vonets vap11g-500s, Vonets vga-1000, Vonets vap11s-5g, Vonets var1200-l, Vonets var1200-h, Vonets vbg1200 Firmware, Vonets vap11g-500s Firmware, Vonets vap11g-300 Firmware, Vonets vap11g, Vonets vbg1200 |
Summary |
References | https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-08 - Third Party Advisory, US Government Resource |
12 Aug 2024, 13:41
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-08-12 13:38
Updated : 2024-08-20 16:26
NVD link : CVE-2024-41936
Mitre link : CVE-2024-41936
CVE.ORG link : CVE-2024-41936
Products Affected
vonets
- var1200-l
- vap11n-300_firmware
- vbg1200
- var1200-l_firmware
- var11n-300_firmware
- vap11g_firmware
- vap11g-300_firmware
- var600-h_firmware
- vbg1200_firmware
- vap11ac
- vga-1000
- vap11s-5g_firmware
- var11n-300
- vap11s
- vga-1000_firmware
- vap11s_firmware
- var1200-h_firmware
- var600-h
- vap11g-500s
- var1200-h
- vap11g-500_firmware
- vap11n-300
- vap11g-500s_firmware
- vap11g-300
- vap11g
- vap11ac_firmware
- vap11s-5g
- vap11g-500
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')