Multiple OS command injection vulnerabilities affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior, enable an authenticated remote attacker to execute arbitrary OS commands via various endpoint parameters.
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XVonets Vap11ac
HWVonetswszystkie wersjeVonets Vap11ac Firmware
OSVonets≤ 3.3.23.6.9Vonets Vap11g
HWVonetswszystkie wersjeVonets Vap11g 300
HWVonetswszystkie wersjeVonets Vap11g 300 Firmware
OSVonets≤ 3.3.23.6.9Vonets Vap11g 500
HWVonetswszystkie wersjeVonets Vap11g 500 Firmware
OSVonets≤ 3.3.23.6.9Vonets Vap11g 500s
HWVonetswszystkie wersjeVonets Vap11g 500s Firmware
OSVonets≤ 3.3.23.6.9Vonets Vap11g Firmware
OSVonets≤ 3.3.23.6.9Vonets Vap11n 300
HWVonetswszystkie wersjeVonets Vap11n 300 Firmware
OSVonets≤ 3.3.23.6.9Vonets Vap11s
HWVonetswszystkie wersjeVonets Vap11s 5g
HWVonetswszystkie wersjeVonets Vap11s 5g Firmware
OSVonets≤ 3.3.23.6.9Vonets Vap11s Firmware
OSVonets≤ 3.3.23.6.9Vonets Var11n 300
HWVonetswszystkie wersjeVonets Var11n 300 Firmware
OSVonets≤ 3.3.23.6.9Vonets Var1200 H
HWVonetswszystkie wersjeVonets Var1200 H Firmware
OSVonets≤ 3.3.23.6.9Vonets Var1200 L
HWVonetswszystkie wersjeVonets Var1200 L Firmware
OSVonets≤ 3.3.23.6.9Vonets Var600 H
HWVonetswszystkie wersjeVonets Var600 H Firmware
OSVonets≤ 3.3.23.6.9Vonets Vbg1200
HWVonetswszystkie wersjeVonets Vbg1200 Firmware
OSVonets≤ 3.3.23.6.9Vonets Vga 1000
HWVonetswszystkie wersjeVonets Vga 1000 Firmware
OSVonets≤ 3.3.23.6.9
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
Related vulnerabilities
CVE-2024-39815CRITICAL9.4PL ✓ten sam produkt
Odmowa usługi w urządzeniach Vonets WiFi Bridge przez wadliwy HTTP request
CVE-2024-39791CRITICAL10.0PL ✓ten sam produkt
Stack-based buffer overflow RCE w urządzeniach Vonets WiFi Bridge
CVE-2024-46329HIGH8.0ten sam produkt
VONETS VAP11G-300 v3.3.23.6.9 was discovered to contain a command injection vulnerability via the SystemComman...
CVE-2024-46328HIGH8.0ten sam produkt
VONETS VAP11G-300 v3.3.23.6.9 was discovered to contain hardcoded credentials for several different privileged...
CVE-2024-46330HIGH7.4ten sam produkt
VONETS VAP11G-300 v3.3.23.6.9 was discovered to contain a command injection vulnerability via the iptablesWebs...