Vulnerability Description
Multiple OS command injection vulnerabilities affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior, enable an authenticated remote attacker to execute arbitrary OS commands via various endpoint parameters.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Vonets | Var1200-H Firmware | <= 3.3.23.6.9 |
| Vonets | Var1200-H | - |
| Vonets | Var1200-L Firmware | <= 3.3.23.6.9 |
| Vonets | Var1200-L | - |
| Vonets | Var600-H Firmware | <= 3.3.23.6.9 |
| Vonets | Var600-H | - |
| Vonets | Vap11Ac Firmware | <= 3.3.23.6.9 |
| Vonets | Vap11Ac | - |
| Vonets | Vap11G-500S Firmware | <= 3.3.23.6.9 |
| Vonets | Vap11G-500S | - |
| Vonets | Vbg1200 Firmware | <= 3.3.23.6.9 |
| Vonets | Vbg1200 | - |
| Vonets | Vap11S-5G Firmware | <= 3.3.23.6.9 |
| Vonets | Vap11S-5G | - |
| Vonets | Vap11S Firmware | <= 3.3.23.6.9 |
| Vonets | Vap11S | - |
| Vonets | Var11N-300 Firmware | <= 3.3.23.6.9 |
| Vonets | Var11N-300 | - |
| Vonets | Vap11G-300 Firmware | <= 3.3.23.6.9 |
| Vonets | Vap11G-300 | - |
Related Weaknesses (CWE)
References
- https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-08Third Party AdvisoryUS Government Resource
FAQ
What is CVE-2024-37023?
CVE-2024-37023 is a vulnerability with a CVSS score of 9.1 (CRITICAL). Multiple OS command injection vulnerabilities affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior, enable an authenticated remote attac...
How severe is CVE-2024-37023?
CVE-2024-37023 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2024-37023?
Check the references section above for vendor advisories and patch information. Affected products include: Vonets Var1200-H Firmware, Vonets Var1200-H, Vonets Var1200-L Firmware, Vonets Var1200-L, Vonets Var600-H Firmware.