CVE-2024-39791
Published 2024-08-12
Priority: P2 · 64 · critical · 9.8 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.11% (61.9th percentile)
Stack-based buffer overflow vulnerabilities affecting Vonets
industrial wifi bridge relays and wifi bridge repeaters, software versions
3.3.23.6.9 and prior, enable an unauthenticated remote attacker to
execute arbitrary code.
Affected
28 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| vonets | vap11ac | <= 3.3.23.6.9 | — |
| vonets | vap11ac_firmware | <= 3.3.23.6.9 | — |
| vonets | vap11g | <= 3.3.23.6.9 | — |
| vonets | vap11g-300 | <= 3.3.23.6.9 | — |
| vonets | vap11g-300_firmware | <= 3.3.23.6.9 | — |
| vonets | vap11g-500 | <= 3.3.23.6.9 | — |
| vonets | vap11g-500_firmware | <= 3.3.23.6.9 | — |
| vonets | vap11g-500s | <= 3.3.23.6.9 | — |
| vonets | vap11g-500s_firmware | <= 3.3.23.6.9 | — |
| vonets | vap11g_firmware | <= 3.3.23.6.9 | — |
| vonets | vap11n-300 | <= 3.3.23.6.9 | — |
| vonets | vap11n-300_firmware | <= 3.3.23.6.9 | — |
| vonets | vap11s | <= 3.3.23.6.9 | — |
| vonets | vap11s-5g | <= 3.3.23.6.9 | — |
| vonets | vap11s-5g_firmware | <= 3.3.23.6.9 | — |
| vonets | vap11s_firmware | <= 3.3.23.6.9 | — |
| vonets | var11n-300 | <= 3.3.23.6.9 | — |
| vonets | var11n-300_firmware | <= 3.3.23.6.9 | — |
| vonets | var1200-h | <= 3.3.23.6.9 | — |
| vonets | var1200-h_firmware | <= 3.3.23.6.9 | — |
| vonets | var1200-l | <= 3.3.23.6.9 | — |
| vonets | var1200-l_firmware | <= 3.3.23.6.9 | — |
| vonets | var600-h | <= 3.3.23.6.9 | — |
| vonets | var600-h_firmware | <= 3.3.23.6.9 | — |
| vonets | vbg1200 | <= 3.3.23.6.9 | — |
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v4.0 | 10.0 | CRITICAL | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
GHSA
GHSA-h95q-q7mj-92qm
ghsa_unreviewed · 2024-08-12
CVE-2024-39791 [CRITICAL] CWE-121
CISA ICS
Vonets WiFi Bridges
cisa_ics · 2024-08-01
ICS Advisory
## Vonets WiFi Bridges
Release Date: August 01, 2024
Alert Code: ICSA-24-214-08
Related topics: Industrial Control System Vulnerabilities, Industrial Control Systems
## 1. EXECUTIVE SUMMARY
- CVSS v4 10.0
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Vonets
- Equipment: VAR1200-H, VAR1200-L, VAR600-H, VAP11AC, VAP11G-500S, VBG1200, VAP11S-5G, VAP11S, VAR11N-300, VAP11G-300, VAP11N-300, VAP11G, VAP11G-500, VBG1200, VAP11AC, VGA-1000
- Vulnerabilities: Use of Hard-coded Credentials, Improper Access Control, Path Traversal, Command Injection, Improper Check or Handling of Exceptional Conditions, Stack Based Buffer Overflow, Direct Request
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could all
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.