CVE-2024-41161
Published: 2024-08-08
CVE-2024-41161: Use of hard-coded credentials vulnerability affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior…
Priority: P265 · critical · 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.63% (45.7th percentile)
Use of hard-coded credentials vulnerability affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions
3.3.23.6.9 and prior, enables an unauthenticated remote attacker to
bypass authentication using hard-coded administrator credentials. These
accounts cannot be disabled.
Affected
28 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| vonets | vap11ac | <= 3.3.23.6.9 | — |
| vonets | vap11ac_firmware | <= 3.3.23.6.9 | — |
| vonets | vap11g | <= 3.3.23.6.9 | — |
| vonets | vap11g-300 | <= 3.3.23.6.9 | — |
| vonets | vap11g-300_firmware | <= 3.3.23.6.9 | — |
| vonets | vap11g-500 | <= 3.3.23.6.9 | — |
| vonets | vap11g-500_firmware | <= 3.3.23.6.9 | — |
| vonets | vap11g-500s | <= 3.3.23.6.9 | — |
| vonets | vap11g-500s_firmware | <= 3.3.23.6.9 | — |
| vonets | vap11g_firmware | <= 3.3.23.6.9 | — |
| vonets | vap11n-300 | <= 3.3.23.6.9 | — |
| vonets | vap11n-300_firmware | <= 3.3.23.6.9 | — |
| vonets | vap11s | <= 3.3.23.6.9 | — |
| vonets | vap11s-5g | <= 3.3.23.6.9 | — |
| vonets | vap11s-5g_firmware | <= 3.3.23.6.9 | — |
| vonets | vap11s_firmware | <= 3.3.23.6.9 | — |
| vonets | var11n-300 | <= 3.3.23.6.9 | — |
| vonets | var11n-300_firmware | <= 3.3.23.6.9 | — |
| vonets | var1200-h | <= 3.3.23.6.9 | — |
| vonets | var1200-h_firmware | <= 3.3.23.6.9 | — |
| vonets | var1200-l | <= 3.3.23.6.9 | — |
| vonets | var1200-l_firmware | <= 3.3.23.6.9 | — |
| vonets | var600-h | <= 3.3.23.6.9 | — |
| vonets | var600-h_firmware | <= 3.3.23.6.9 | — |
| vonets | vbg1200 | <= 3.3.23.6.9 | — |
CVSS provenance
nvd · v3.1 · 9.8 CRITICAL · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd · v4.0 · 8.7 HIGH · CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CISA ICS
Vonets WiFi Bridges
cisa_ics·2024-08-01
ICS Advisory
## Vonets WiFi Bridges
Release Date: August 01, 2024
Alert Code: ICSA-24-214-08
Related topics: Industrial Control System Vulnerabilities, Industrial Control Systems
## 1. EXECUTIVE SUMMARY
- CVSS v4 10.0
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Vonets
- Equipment: VAR1200-H, VAR1200-L, VAR600-H, VAP11AC, VAP11G-500S, VBG1200, VAP11S-5G, VAP11S, VAR11N-300, VAP11G-300, VAP11N-300, VAP11G, VAP11G-500, VBG1200, VAP11AC, VGA-1000
- Vulnerabilities: Use of Hard-coded Credentials, Improper Access Control, Path Traversal, Command Injection, Improper Check or Handling of Exceptional Conditions, Stack Based Buffer Overflow, Direct Request
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could all
GHSA
GHSA-qrrm-xwcc-693j: Use of hard-coded credentials vulnerability affecting Vonets industrial wifi bridge relays and WiFi bridge repeaters, software versions 3
ghsa_unreviewed·2024-08-08
CVE-2024-41161 [HIGH] CWE-798 GHSA-qrrm-xwcc-693j
Use of hard-coded credentials vulnerability affecting Vonets industrial wifi bridge relays and WiFi bridge repeaters, software versions
3.3.23.6.9 and prior, enables an unauthenticated remote attacker to
bypass authentication using hard-coded administrator credentials. These
accounts cannot be disabled.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.