{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-29082","assignerOrgId":"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6","state":"PUBLISHED","assignerShortName":"icscert","dateReserved":"2024-07-30T16:15:10.076Z","datePublished":"2024-08-08T19:23:23.133Z","dateUpdated":"2024-08-21T20:03:57.401Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"VAR1200-H","vendor":"Vonets","versions":[{"lessThanOrEqual":"3.3.23.6.9","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unaffected","product":"VAR1200-L","vendor":"Vonets","versions":[{"lessThanOrEqual":"3.3.23.6.9","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unaffected","product":"VAR600-H","vendor":"Vonets","versions":[{"lessThanOrEqual":"3.3.23.6.9","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unaffected","product":"VAP11AC","vendor":"Vonets","versions":[{"lessThanOrEqual":"3.3.23.6.9","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unaffected","product":"VAP11G-500S","vendor":"Vonets","versions":[{"lessThanOrEqual":"3.3.23.6.9","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unaffected","product":"VBG1200","vendor":"Vonets","versions":[{"lessThanOrEqual":"3.3.23.6.9","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unaffected","product":"VAP11S-5G","vendor":"Vonets","versions":[{"lessThanOrEqual":"3.3.23.6.9","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unaffected","product":"VAP11S","vendor":"Vonets","versions":[{"lessThanOrEqual":"3.3.23.6.9","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unaffected","product":"VAR11N-300","vendor":"Vonets","versions":[{"lessThanOrEqual":"3.3.23.6.9","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unaffected","product":"VAP11G-300","vendor":"Vonets","versions":[{"less
ThanOrEqual":"3.3.23.6.9","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unaffected","product":"VAP11N-300","vendor":"Vonets","versions":[{"lessThanOrEqual":"3.3.23.6.9","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unaffected","product":"VAP11G","vendor":"Vonets","versions":[{"lessThanOrEqual":"3.3.23.6.9","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unaffected","product":"VAP11G-500","vendor":"Vonets","versions":[{"lessThanOrEqual":"3.3.23.6.9","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unaffected","product":"VBG1200","vendor":"Vonets","versions":[{"lessThanOrEqual":"3.3.23.6.9","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unaffected","product":"VAP11AC","vendor":"Vonets","versions":[{"lessThanOrEqual":"3.3.23.6.9","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unaffected","product":"VGA-1000","vendor":"Vonets","versions":[{"lessThanOrEqual":"3.3.23.6.9","status":"affected","version":"0","versionType":"custom"}]}],"credits":[{"lang":"en","type":"finder","value":"Wodzen reported these vulnerabilities to CISA."}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Improper access control vulnerability affecting Vonets\n\n industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 \nand prior, enables an unauthenticated remote attacker to bypass \nauthentication and factory reset the device via unprotected goform \nendpoints."}],"value":"Improper access control vulnerability affecting Vonets\n\n industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 \nand prior, enables an unauthenticated remote attacker to bypass \nauthentication and factory reset the device via unprotected goform 
\nendpoints."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":8.6,"baseSeverity":"HIGH","confidentialityImpact":"LOW","integrityImpact":"LOW","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]},{"cvssV4_0":{"Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"NONE","attackVector":"NETWORK","baseScore":8.8,"baseSeverity":"HIGH","privilegesRequired":"NONE","providerUrgency":"NOT_DEFINED","subAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","userInteraction":"NONE","valueDensity":"NOT_DEFINED","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N","version":"4.0","vulnAvailabilityImpact":"HIGH","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnerabilityResponseEffort":"NOT_DEFINED"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-284","description":"CWE-284","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6","shortName":"icscert","dateUpdated":"2024-08-08T19:41:29.764Z"},"references":[{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-08"}],"source":{"advisory":"ICSA-24-214-08","discovery":"EXTERNAL"},"title":"Vonets WiFi Bridges Improper Access Control","workarounds":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Vonets has not responded to requests to work with CISA to mitigate these\n vulnerabilities. 
Users of the affected products are encouraged to \ncontact <a target=\"_blank\" rel=\"nofollow\" href=\"mailto:support@vonets.com\">Vonets support</a> for additional information.\n\n<br>"}],"value":"Vonets has not responded to requests to work with CISA to mitigate these\n vulnerabilities. Users of the affected products are encouraged to \ncontact Vonets support (support@vonets.com) for additional information."}],"x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"affected":[{"vendor":"vonets","product":"var1200-h_firmware","cpes":["cpe:2.3:o:vonets:var1200-h_firmware:*:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"0","status":"affected","lessThanOrEqual":"3.3.23.6.9","versionType":"custom"}]},{"vendor":"vonets","product":"var1200-l_firmware","cpes":["cpe:2.3:o:vonets:var1200-l_firmware:*:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"0","status":"affected","lessThanOrEqual":"3.3.23.6.9","versionType":"custom"}]},{"vendor":"vonets","product":"var600-h_firmware","cpes":["cpe:2.3:o:vonets:var600-h_firmware:*:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"0","status":"affected","lessThanOrEqual":"3.3.23.6.9","versionType":"custom"}]},{"vendor":"vonets","product":"vap11ac_firmware","cpes":["cpe:2.3:o:vonets:vap11ac_firmware:*:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"0","status":"affected","lessThanOrEqual":"3.3.23.6.9","versionType":"custom"}]},{"vendor":"vonets","product":"vap11g-500s_firmware","cpes":["cpe:2.3:o:vonets:vap11g-500s_firmware:*:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"0","status":"affected","lessThanOrEqual":"3.3.23.6.9","versionType":"custom"}]},{"vendor":"vonets","product":"vbg1200_firmware","cpes":["cpe:2.3:o:vonets:vbg1200_firmware:*:*:*:*:*:*:*:*"],"defaultStatus":"u
nknown","versions":[{"version":"0","status":"affected","lessThanOrEqual":"3.3.23.6.9","versionType":"custom"}]},{"vendor":"vonets","product":"vap11s-5g_firmware","cpes":["cpe:2.3:o:vonets:vap11s-5g_firmware:*:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"0","status":"affected","lessThanOrEqual":"3.3.23.6.9","versionType":"custom"}]},{"vendor":"vonets","product":"vap11s_firmware","cpes":["cpe:2.3:o:vonets:vap11s_firmware:*:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"0","status":"affected","lessThanOrEqual":"3.3.23.6.9","versionType":"custom"}]},{"vendor":"vonets","product":"var11n-300_firmware","cpes":["cpe:2.3:o:vonets:var11n-300_firmware:*:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"0","status":"affected","lessThanOrEqual":"3.3.23.6.9","versionType":"custom"}]},{"vendor":"vonets","product":"vap11n-300_firmware","cpes":["cpe:2.3:o:vonets:vap11n-300_firmware:*:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"0","status":"affected","lessThanOrEqual":"3.3.23.6.9","versionType":"custom"}]},{"vendor":"vonets","product":"vap11g_firmware","cpes":["cpe:2.3:o:vonets:vap11g_firmware:*:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"0","status":"affected","lessThanOrEqual":"3.3.23.6.9","versionType":"custom"}]},{"vendor":"vonets","product":"vga-1000_firmware","cpes":["cpe:2.3:o:vonets:vga-1000_firmware:*:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"0","status":"affected","lessThanOrEqual":"3.3.23.6.9","versionType":"custom"}]},{"vendor":"vonets","product":"vap11g-300_firmware","cpes":["cpe:2.3:o:vonets:vap11g-300_firmware:*:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"0","status":"affected","lessThanOrEqual":"3.3.23.6.9","versionType":"custom"}]},{"vendor":"vonets","product":"vap11n-300_firmware","cpes":["cpe:2.3:o:vonets:vap11n-300_firmware:*:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"0","status":"affected","lessTh
anOrEqual":"3.3.23.6.9","versionType":"custom"}]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-08-09T14:43:23.222319Z","id":"CVE-2024-29082","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-08-21T20:03:57.401Z"}}]}}