Vulnerability Description
Use of hard-coded credentials vulnerability affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior, enables an unauthenticated remote attacker to bypass authentication using hard-coded administrator credentials. These accounts cannot be disabled.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Vonets | Var1200-H Firmware | <= 3.3.23.6.9 |
| Vonets | Var1200-H | - |
| Vonets | Var1200-L Firmware | <= 3.3.23.6.9 |
| Vonets | Var1200-L | - |
| Vonets | Var600-H Firmware | <= 3.3.23.6.9 |
| Vonets | Var600-H | - |
| Vonets | Vap11Ac Firmware | <= 3.3.23.6.9 |
| Vonets | Vap11Ac | - |
| Vonets | Vap11G-500S Firmware | <= 3.3.23.6.9 |
| Vonets | Vap11G-500S | - |
| Vonets | Vbg1200 Firmware | <= 3.3.23.6.9 |
| Vonets | Vbg1200 | - |
| Vonets | Vap11S-5G Firmware | <= 3.3.23.6.9 |
| Vonets | Vap11S-5G | - |
| Vonets | Vap11S Firmware | <= 3.3.23.6.9 |
| Vonets | Vap11S | - |
| Vonets | Var11N-300 Firmware | <= 3.3.23.6.9 |
| Vonets | Var11N-300 | - |
| Vonets | Vap11G-300 Firmware | <= 3.3.23.6.9 |
| Vonets | Vap11G-300 | - |
Related Weaknesses (CWE)
References
- https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-08Third Party AdvisoryUS Government Resource
FAQ
What is CVE-2024-41161?
CVE-2024-41161 is a vulnerability with a CVSS score of 7.5 (HIGH). Use of hard-coded credentials vulnerability affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior, enables an unauthenticated remote attacke...
How severe is CVE-2024-41161?
CVE-2024-41161 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-41161?
Check the references section above for vendor advisories and patch information. Affected products include: Vonets Var1200-H Firmware, Vonets Var1200-H, Vonets Var1200-L Firmware, Vonets Var1200-L, Vonets Var600-H Firmware.