Vulnerability Description
Improper access control vulnerability affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior, enables an unauthenticated remote attacker to bypass authentication and factory reset the device via unprotected goform endpoints.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Vonets | Var1200-H Firmware | <= 3.3.23.6.9 |
| Vonets | Var1200-H | - |
| Vonets | Var1200-L Firmware | <= 3.3.23.6.9 |
| Vonets | Var1200-L | - |
| Vonets | Var600-H Firmware | <= 3.3.23.6.9 |
| Vonets | Var600-H | - |
| Vonets | Vap11Ac Firmware | <= 3.3.23.6.9 |
| Vonets | Vap11Ac | - |
| Vonets | Vap11G-500S Firmware | <= 3.3.23.6.9 |
| Vonets | Vap11G-500S | - |
| Vonets | Vbg1200 Firmware | <= 3.3.23.6.9 |
| Vonets | Vbg1200 | - |
| Vonets | Vap11S-5G Firmware | <= 3.3.23.6.9 |
| Vonets | Vap11S-5G | - |
| Vonets | Vap11S Firmware | <= 3.3.23.6.9 |
| Vonets | Vap11S | - |
| Vonets | Var11N-300 Firmware | <= 3.3.23.6.9 |
| Vonets | Var11N-300 | - |
| Vonets | Vap11G-300 Firmware | <= 3.3.23.6.9 |
| Vonets | Vap11G-300 | - |
Related Weaknesses (CWE)
References
- https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-08Third Party AdvisoryUS Government Resource
FAQ
What is CVE-2024-29082?
CVE-2024-29082 is a vulnerability with a CVSS score of 8.6 (HIGH). Improper access control vulnerability affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior, enables an unauthenticated remote attacker to...
How severe is CVE-2024-29082?
CVE-2024-29082 has been rated HIGH with a CVSS base score of 8.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-29082?
Check the references section above for vendor advisories and patch information. Affected products include: Vonets Var1200-H Firmware, Vonets Var1200-H, Vonets Var1200-L Firmware, Vonets Var1200-L, Vonets Var600-H Firmware.