{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-39815","assignerOrgId":"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6","state":"PUBLISHED","assignerShortName":"icscert","dateReserved":"2024-07-30T16:15:10.109Z","datePublished":"2024-08-08T19:33:35.137Z","dateUpdated":"2024-08-21T20:04:38.205Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"VAR1200-H","vendor":"Vonets","versions":[{"lessThanOrEqual":"3.3.23.6.9","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unaffected","product":"VAR1200-L","vendor":"Vonets","versions":[{"lessThanOrEqual":"3.3.23.6.9","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unaffected","product":"VAR600-H","vendor":"Vonets","versions":[{"lessThanOrEqual":"3.3.23.6.9","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unaffected","product":"VAP11AC","vendor":"Vonets","versions":[{"lessThanOrEqual":"3.3.23.6.9","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unaffected","product":"VAP11G-500S","vendor":"Vonets","versions":[{"lessThanOrEqual":"3.3.23.6.9","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unaffected","product":"VBG1200","vendor":"Vonets","versions":[{"lessThanOrEqual":"3.3.23.6.9","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unaffected","product":"VAP11S-5G","vendor":"Vonets","versions":[{"lessThanOrEqual":"3.3.23.6.9","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unaffected","product":"VAP11S","vendor":"Vonets","versions":[{"lessThanOrEqual":"3.3.23.6.9","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unaffected","product":"VAR11N-300","vendor":"Vonets","versions":[{"lessThanOrEqual":"3.3.23.6.9","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unaffected","product":"VAP11G-300","vendor":"Vonets","versions":[{"lessThanOrEqual":"3.3.23.6.9","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unaffected","product":"VAP11N-300","vendor":"Vonets","versions":[{"lessThanOrEqual":"3.3.23.6.9","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unaffected","product":"VAP11G","vendor":"Vonets","versions":[{"lessThanOrEqual":"3.3.23.6.9","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unaffected","product":"VAP11G-500","vendor":"Vonets","versions":[{"lessThanOrEqual":"3.3.23.6.9","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unaffected","product":"VBG1200","vendor":"Vonets","versions":[{"lessThanOrEqual":"3.3.23.6.9","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unaffected","product":"VAP11AC","vendor":"Vonets","versions":[{"lessThanOrEqual":"3.3.23.6.9","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unaffected","product":"VGA-1000","vendor":"Vonets","versions":[{"lessThanOrEqual":"3.3.23.6.9","status":"affected","version":"0","versionType":"custom"}]}],"credits":[{"lang":"en","type":"finder","value":"Wodzen reported these vulnerabilities to CISA."}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Improper check or handling of exceptional conditions vulnerability \naffecting Vonets\n\n \n\n industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior, enable an unauthenticated \nremote attacker to cause a denial of service. A specially-crafted \nHTTP request to pre-authentication resources can crash the service."}],"value":"Improper check or handling of exceptional conditions vulnerability \naffecting Vonets\n\n \n\n industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior, enable an unauthenticated \nremote attacker to cause a denial of service. A specially-crafted \nHTTP request to pre-authentication resources can crash the service."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":9.1,"baseSeverity":"CRITICAL","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"HIGH","scope":"CHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]},{"cvssV4_0":{"Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"NONE","attackVector":"NETWORK","baseScore":9.4,"baseSeverity":"CRITICAL","privilegesRequired":"HIGH","providerUrgency":"NOT_DEFINED","subAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","userInteraction":"NONE","valueDensity":"NOT_DEFINED","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H","version":"4.0","vulnAvailabilityImpact":"HIGH","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnerabilityResponseEffort":"NOT_DEFINED"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-703","description":"CWE-703","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6","shortName":"icscert","dateUpdated":"2024-08-08T19:43:20.731Z"},"references":[{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-08"}],"source":{"advisory":"ICSA-24-214-08","discovery":"EXTERNAL"},"title":"Vonets WiFi Bridges Improper Check or Handling of Exceptional Conditions","workarounds":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Vonets has not responded to requests to work with CISA to mitigate these\n vulnerabilities. Users of the affected products are encouraged to \ncontact <a target=\"_blank\" rel=\"nofollow\" href=\"https://usdhs-my.sharepoint.com/personal/grayson_gaylor_associates_cisa_dhs_gov1/_layouts/15/support@vonets.com\">Vonets support</a> for additional information.\n\n<br>"}],"value":"Vonets has not responded to requests to work with CISA to mitigate these\n vulnerabilities. Users of the affected products are encouraged to \ncontact  Vonets support https://usdhs-my.sharepoint.com/personal/grayson_gaylor_associates_cisa_dhs_gov1/_layouts/15/support@vonets.com  for additional information."}],"x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"affected":[{"vendor":"vonets","product":"var1200-h_firmware","cpes":["cpe:2.3:o:vonets:var1200-h_firmware:*:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"0","status":"affected","lessThanOrEqual":"3.3.23.6.9","versionType":"custom"}]},{"vendor":"vonets","product":"var1200-l_firmware","cpes":["cpe:2.3:o:vonets:var1200-l_firmware:*:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"0","status":"affected","lessThanOrEqual":"3.3.23.6.9","versionType":"custom"}]},{"vendor":"vonets","product":"var600-h_firmware","cpes":["cpe:2.3:o:vonets:var600-h_firmware:*:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"0","status":"affected","lessThanOrEqual":"3.3.23.6.9","versionType":"custom"}]},{"vendor":"vonets","product":"vap11ac_firmware","cpes":["cpe:2.3:o:vonets:vap11ac_firmware:*:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"0","status":"affected","lessThanOrEqual":"3.3.23.6.9","versionType":"custom"}]},{"vendor":"vonets","product":"vap11g-500s_firmware","cpes":["cpe:2.3:o:vonets:vap11g-500s_firmware:*:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"0","status":"affected","lessThanOrEqual":"3.3.23.6.9","versionType":"custom"}]},{"vendor":"vonets","product":"vbg1200_firmware","cpes":["cpe:2.3:o:vonets:vbg1200_firmware:*:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"0","status":"affected","lessThanOrEqual":"3.3.23.6.9","versionType":"custom"}]},{"vendor":"vonets","product":"vap11s-5g_firmware","cpes":["cpe:2.3:o:vonets:vap11s-5g_firmware:*:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"0","status":"affected","lessThanOrEqual":"3.3.23.6.9","versionType":"custom"}]},{"vendor":"vonets","product":"vap11s_firmware","cpes":["cpe:2.3:o:vonets:vap11s_firmware:*:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"0","status":"affected","lessThanOrEqual":"3.3.23.6.9","versionType":"custom"}]},{"vendor":"vonets","product":"var11n-300_firmware","cpes":["cpe:2.3:o:vonets:var11n-300_firmware:*:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"0","status":"affected","lessThanOrEqual":"3.3.23.6.9","versionType":"custom"}]},{"vendor":"vonets","product":"vap11n-300_firmware","cpes":["cpe:2.3:o:vonets:vap11n-300_firmware:*:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"0","status":"affected","lessThanOrEqual":"3.3.23.6.9","versionType":"custom"}]},{"vendor":"vonets","product":"vap11g_firmware","cpes":["cpe:2.3:o:vonets:vap11g_firmware:*:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"0","status":"affected","lessThanOrEqual":"3.3.23.6.9","versionType":"custom"}]},{"vendor":"vonets","product":"vga-1000_firmware","cpes":["cpe:2.3:o:vonets:vga-1000_firmware:*:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"0","status":"affected","lessThanOrEqual":"3.3.23.6.9","versionType":"custom"}]},{"vendor":"vonets","product":"vap11g-300_firmware","cpes":["cpe:2.3:o:vonets:vap11g-300_firmware:*:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"0","status":"affected","lessThanOrEqual":"3.3.23.6.9","versionType":"custom"}]},{"vendor":"vonets","product":"vap11n-300_firmware","cpes":["cpe:2.3:o:vonets:vap11n-300_firmware:*:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"0","status":"affected","lessThanOrEqual":"3.3.23.6.9","versionType":"custom"}]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-08-09T14:41:59.876924Z","id":"CVE-2024-39815","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-08-21T20:04:38.205Z"}}]}}