CVE-2024-37023 (GCVE-0-2024-37023)
Vulnerability from cvelistv5 – Published: 2024-08-08 19:30 – Updated: 2024-08-21 20:04
VLAI?
Title
Vonets WiFi Bridges Command Injection
Summary
Multiple OS command injection vulnerabilities affecting Vonets
industrial wifi bridge relays and wifi bridge repeaters, software
versions 3.3.23.6.9 and prior, enable an authenticated remote attacker
to execute arbitrary OS commands via various endpoint parameters.
Severity ?
9.1 (Critical)
CWE
- CWE-77 - Command Injection
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Vonets | VAR1200-H |
Affected:
0 , ≤ 3.3.23.6.9
(custom)
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Credits
Wodzen reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:vonets:var1200-h_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "var1200-h_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:var1200-l_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "var1200-l_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:var600-h_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "var600-h_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vap11ac_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11ac_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vap11g-500s_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11g-500s_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vbg1200_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vbg1200_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vap11s-5g_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11s-5g_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vap11s_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11s_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:var11n-300_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "var11n-300_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vap11n-300_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11n-300_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vap11g_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11g_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vga-1000_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vga-1000_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vap11g-300_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11g-300_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vap11n-300_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11n-300_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-37023",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-09T14:42:37.219187Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-21T20:04:21.492Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "VAR1200-H",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAR1200-L",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAR600-H",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11AC",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11G-500S",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VBG1200",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11S-5G",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11S",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAR11N-300",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11G-300",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11N-300",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11G",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11G-500",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VBG1200",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11AC",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VGA-1000",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Wodzen reported these vulnerabilities to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Multiple OS command injection vulnerabilities affecting Vonets \n\n industrial wifi bridge relays and wifi bridge repeaters, software \nversions 3.3.23.6.9 and prior, enable an authenticated remote attacker \nto execute arbitrary OS commands via various endpoint parameters."
}
],
"value": "Multiple OS command injection vulnerabilities affecting Vonets \n\n industrial wifi bridge relays and wifi bridge repeaters, software \nversions 3.3.23.6.9 and prior, enable an authenticated remote attacker \nto execute arbitrary OS commands via various endpoint parameters."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-08T19:42:41.939Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-08"
}
],
"source": {
"advisory": "ICSA-24-214-08",
"discovery": "EXTERNAL"
},
"title": "Vonets WiFi Bridges Command Injection",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Vonets has not responded to requests to work with CISA to mitigate these\n vulnerabilities. Users of the affected products are encouraged to \ncontact \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://usdhs-my.sharepoint.com/personal/grayson_gaylor_associates_cisa_dhs_gov1/_layouts/15/support@vonets.com\"\u003eVonets support\u003c/a\u003e for additional information.\n\n\u003cbr\u003e"
}
],
"value": "Vonets has not responded to requests to work with CISA to mitigate these\n vulnerabilities. Users of the affected products are encouraged to \ncontact Vonets support https://usdhs-my.sharepoint.com/personal/grayson_gaylor_associates_cisa_dhs_gov1/_layouts/15/support@vonets.com for additional information."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2024-37023",
"datePublished": "2024-08-08T19:30:40.496Z",
"dateReserved": "2024-07-30T16:15:10.100Z",
"dateUpdated": "2024-08-21T20:04:21.492Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:vonets:var1200-h_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"3.3.23.6.9\", \"matchCriteriaId\": \"94DAF720-5399-46A2-A9AB-3831045B86D2\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:vonets:var1200-h:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6D2E3C6A-6CC6-4954-B06C-3F023C964426\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:vonets:var1200-l_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"3.3.23.6.9\", \"matchCriteriaId\": \"273874D4-43E0-44D4-AB4E-D66DE1F1B824\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:vonets:var1200-l:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2C4B65A1-D625-4712-8311-685CA0A6438B\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:vonets:var600-h_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"3.3.23.6.9\", \"matchCriteriaId\": \"ADCC4730-7801-485C-994F-DB7B942AA9F4\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:vonets:var600-h:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DB22B21B-526A-4119-9278-E84138D523E4\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:vonets:vap11ac_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"3.3.23.6.9\", \"matchCriteriaId\": \"C007C620-CAF2-436E-AAA9-C012CEFCEA3B\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:vonets:vap11ac:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"21B9AA55-A333-4D10-A9D8-19558465F56E\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:vonets:vap11g-500s_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"3.3.23.6.9\", \"matchCriteriaId\": \"FDC4DF91-B718-4CFE-BEE7-4E9CFF121C01\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:vonets:vap11g-500s:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C9EC2642-6A5B-4DA8-A675-B9F3CAD9B35E\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:vonets:vbg1200_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"3.3.23.6.9\", \"matchCriteriaId\": \"5BFA8106-50EE-428D-9297-930CE9CC99C1\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:vonets:vbg1200:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AE4D6B12-50A8-4314-AEDA-E3C669F772C9\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:vonets:vap11s-5g_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"3.3.23.6.9\", \"matchCriteriaId\": \"D95A2EE8-B22F-4671-8DF8-3757A335B006\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:vonets:vap11s-5g:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"66E94FE6-235A-46F0-81B0-DFF88C454BB1\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:vonets:vap11s_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"3.3.23.6.9\", \"matchCriteriaId\": \"060B7C85-806D-45B3-8268-10AC5E475171\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:vonets:vap11s:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C434D025-8361-4C2D-AC7D-4E4A44237C27\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:vonets:var11n-300_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"3.3.23.6.9\", \"matchCriteriaId\": \"3DFA50C3-2B3E-4755-98FB-63CED2CA7B8F\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:vonets:var11n-300:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"95D5A3C0-8303-4E77-9DE1-75FD9DAED295\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:vonets:vap11g-300_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"3.3.23.6.9\", \"matchCriteriaId\": \"42E71F95-814C-4EDA-8647-B03CA6AAFDEB\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:vonets:vap11g-300:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2B23375E-0E77-4423-AEDA-9A9F26052834\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:vonets:vap11n-300_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"3.3.23.6.9\", \"matchCriteriaId\": \"7018E246-D211-4366-8664-90B00E68AA74\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:vonets:vap11n-300:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"ADE0116E-37B8-4E0A-8874-A59989712743\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:vonets:vap11g_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"3.3.23.6.9\", \"matchCriteriaId\": \"C9C1B20A-8F03-4C6E-8715-B68DBBBAFB97\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:vonets:vap11g:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F510F0DC-C170-45A3-989B-2FA8791B4FC1\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:vonets:vap11g-500_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"3.3.23.6.9\", \"matchCriteriaId\": \"52909496-4BEB-43DB-80E3-F710BCA0CAA5\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:vonets:vap11g-500:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B61E3489-034E-4DD2-8699-477647462CF7\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:vonets:vga-1000_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"3.3.23.6.9\", \"matchCriteriaId\": \"1FAF11BE-F3F4-4D40-9156-DDB2FFBF9470\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:vonets:vga-1000:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DA90833B-D40E-42F0-8ECF-86C90E4511C4\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Multiple OS command injection vulnerabilities affecting Vonets \\n\\n industrial wifi bridge relays and wifi bridge repeaters, software \\nversions 3.3.23.6.9 and prior, enable an authenticated remote attacker \\nto execute arbitrary OS commands via various endpoint parameters.\"}, {\"lang\": \"es\", \"value\": \"M\\u00faltiples vulnerabilidades de inyecci\\u00f3n de comandos del sistema operativo que afectan a los rel\\u00e9s de puente wifi industriales y a los repetidores de puente wifi de Vonets, versiones de software 3.3.23.6.9 y anteriores, permiten a un atacante remoto autenticado ejecutar comandos arbitrarios del sistema operativo a trav\\u00e9s de varios par\\u00e1metros de endpoint.\"}]",
"id": "CVE-2024-37023",
"lastModified": "2024-08-20T17:12:03.330",
"metrics": "{\"cvssMetricV40\": [{\"source\": \"ics-cert@hq.dhs.gov\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"4.0\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\", \"baseScore\": 9.4, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"vulnerableSystemConfidentiality\": \"HIGH\", \"vulnerableSystemIntegrity\": \"HIGH\", \"vulnerableSystemAvailability\": \"HIGH\", \"subsequentSystemConfidentiality\": \"HIGH\", \"subsequentSystemIntegrity\": \"HIGH\", \"subsequentSystemAvailability\": \"HIGH\", \"exploitMaturity\": \"NOT_DEFINED\", \"confidentialityRequirements\": \"NOT_DEFINED\", \"integrityRequirements\": \"NOT_DEFINED\", \"availabilityRequirements\": \"NOT_DEFINED\", \"modifiedAttackVector\": \"NOT_DEFINED\", \"modifiedAttackComplexity\": \"NOT_DEFINED\", \"modifiedAttackRequirements\": \"NOT_DEFINED\", \"modifiedPrivilegesRequired\": \"NOT_DEFINED\", \"modifiedUserInteraction\": \"NOT_DEFINED\", \"modifiedVulnerableSystemConfidentiality\": \"NOT_DEFINED\", \"modifiedVulnerableSystemIntegrity\": \"NOT_DEFINED\", \"modifiedVulnerableSystemAvailability\": \"NOT_DEFINED\", \"modifiedSubsequentSystemConfidentiality\": \"NOT_DEFINED\", \"modifiedSubsequentSystemIntegrity\": \"NOT_DEFINED\", \"modifiedSubsequentSystemAvailability\": \"NOT_DEFINED\", \"safety\": \"NOT_DEFINED\", \"automatable\": \"NOT_DEFINED\", \"recovery\": \"NOT_DEFINED\", \"valueDensity\": \"NOT_DEFINED\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\", \"providerUrgency\": \"NOT_DEFINED\"}}], \"cvssMetricV31\": [{\"source\": \"ics-cert@hq.dhs.gov\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\", \"baseScore\": 9.1, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.3, \"impactScore\": 6.0}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\", \"baseScore\": 9.9, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.1, \"impactScore\": 6.0}]}",
"published": "2024-08-12T13:38:22.837",
"references": "[{\"url\": \"https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-08\", \"source\": \"ics-cert@hq.dhs.gov\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}]",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Analyzed",
"weaknesses": "[{\"source\": \"ics-cert@hq.dhs.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-77\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-37023\",\"sourceIdentifier\":\"ics-cert@hq.dhs.gov\",\"published\":\"2024-08-12T13:38:22.837\",\"lastModified\":\"2024-08-20T17:12:03.330\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Multiple OS command injection vulnerabilities affecting Vonets \\n\\n industrial wifi bridge relays and wifi bridge repeaters, software \\nversions 3.3.23.6.9 and prior, enable an authenticated remote attacker \\nto execute arbitrary OS commands via various endpoint parameters.\"},{\"lang\":\"es\",\"value\":\"M\u00faltiples vulnerabilidades de inyecci\u00f3n de comandos del sistema operativo que afectan a los rel\u00e9s de puente wifi industriales y a los repetidores de puente wifi de Vonets, versiones de software 3.3.23.6.9 y anteriores, permiten a un atacante remoto autenticado ejecutar comandos arbitrarios del sistema operativo a trav\u00e9s de varios par\u00e1metros de endpoint.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":9.4,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"HIGH\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"HIGH\",\"subIntegrityImpact\":\"HIGH\",\"subAvailabilityImpact\":\"HIGH\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":9.1,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.3,\"impactScore\":6.0},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":9.9,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.1,\"impactScore\":6.0}]},\"weaknesses\":[{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-77\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:vonets:var1200-h_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"3.3.23.6.9\",\"matchCriteriaId\":\"94DAF720-5399-46A2-A9AB-3831045B86D2\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:vonets:var1200-h:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6D2E3C6A-6CC6-4954-B06C-3F023C964426\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:vonets:var1200-l_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"3.3.23.6.9\",\"matchCriteriaId\":\"273874D4-43E0-44D4-AB4E-D66DE1F1B824\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:vonets:var1200-l:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2C4B65A1-D625-4712-8311-685CA0A6438B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:vonets:var600-h_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"3.3.23.6.9\",\"matchCriteriaId\":\"ADCC4730-7801-485C-994F-DB7B942AA9F4\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:vonets:var600-h:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DB22B21B-526A-4119-9278-E84138D523E4\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:vonets:vap11ac_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"3.3.23.6.9\",\"matchCriteriaId\":\"C007C620-CAF2-436E-AAA9-C012CEFCEA3B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:vonets:vap11ac:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"21B9AA55-A333-4D10-A9D8-19558465F56E\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:vonets:vap11g-500s_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"3.3.23.6.9\",\"matchCriteriaId\":\"FDC4DF91-B718-4CFE-BEE7-4E9CFF121C01\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:vonets:vap11g-500s:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C9EC2642-6A5B-4DA8-A675-B9F3CAD9B35E\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:vonets:vbg1200_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"3.3.23.6.9\",\"matchCriteriaId\":\"5BFA8106-50EE-428D-9297-930CE9CC99C1\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:vonets:vbg1200:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AE4D6B12-50A8-4314-AEDA-E3C669F772C9\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:vonets:vap11s-5g_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"3.3.23.6.9\",\"matchCriteriaId\":\"D95A2EE8-B22F-4671-8DF8-3757A335B006\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:vonets:vap11s-5g:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"66E94FE6-235A-46F0-81B0-DFF88C454BB1\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:vonets:vap11s_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"3.3.23.6.9\",\"matchCriteriaId\":\"060B7C85-806D-45B3-8268-10AC5E475171\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:vonets:vap11s:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C434D025-8361-4C2D-AC7D-4E4A44237C27\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:vonets:var11n-300_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"3.3.23.6.9\",\"matchCriteriaId\":\"3DFA50C3-2B3E-4755-98FB-63CED2CA7B8F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:vonets:var11n-300:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"95D5A3C0-8303-4E77-9DE1-75FD9DAED295\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:vonets:vap11g-300_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"3.3.23.6.9\",\"matchCriteriaId\":\"42E71F95-814C-4EDA-8647-B03CA6AAFDEB\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:vonets:vap11g-300:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2B23375E-0E77-4423-AEDA-9A9F26052834\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:vonets:vap11n-300_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"3.3.23.6.9\",\"matchCriteriaId\":\"7018E246-D211-4366-8664-90B00E68AA74\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:vonets:vap11n-300:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ADE0116E-37B8-4E0A-8874-A59989712743\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:vonets:vap11g_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"3.3.23.6.9\",\"matchCriteriaId\":\"C9C1B20A-8F03-4C6E-8715-B68DBBBAFB97\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:vonets:vap11g:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F510F0DC-C170-45A3-989B-2FA8791B4FC1\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:vonets:vap11g-500_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"3.3.23.6.9\",\"matchCriteriaId\":\"52909496-4BEB-43DB-80E3-F710BCA0CAA5\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:vonets:vap11g-500:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B61E3489-034E-4DD2-8699-477647462CF7\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:vonets:vga-1000_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"3.3.23.6.9\",\"matchCriteriaId\":\"1FAF11BE-F3F4-4D40-9156-DDB2FFBF9470\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:vonets:vga-1000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DA90833B-D40E-42F0-8ECF-86C90E4511C4\"}]}]}],\"references\":[{\"url\":\"https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-08\",\"source\":\"ics-cert@hq.dhs.gov\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-37023\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-08-09T14:42:37.219187Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:o:vonets:var1200-h_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"vonets\", \"product\": \"var1200-h_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"3.3.23.6.9\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:vonets:var1200-l_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"vonets\", \"product\": \"var1200-l_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"3.3.23.6.9\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:vonets:var600-h_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"vonets\", \"product\": \"var600-h_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"3.3.23.6.9\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:vonets:vap11ac_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"vonets\", \"product\": \"vap11ac_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"3.3.23.6.9\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:vonets:vap11g-500s_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"vonets\", \"product\": \"vap11g-500s_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"3.3.23.6.9\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:vonets:vbg1200_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"vonets\", \"product\": \"vbg1200_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"3.3.23.6.9\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:vonets:vap11s-5g_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"vonets\", \"product\": \"vap11s-5g_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"3.3.23.6.9\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:vonets:vap11s_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"vonets\", \"product\": \"vap11s_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"3.3.23.6.9\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:vonets:var11n-300_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"vonets\", \"product\": \"var11n-300_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"3.3.23.6.9\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:vonets:vap11n-300_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"vonets\", \"product\": \"vap11n-300_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"3.3.23.6.9\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:vonets:vap11g_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"vonets\", \"product\": \"vap11g_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"3.3.23.6.9\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:vonets:vga-1000_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"vonets\", \"product\": \"vga-1000_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"3.3.23.6.9\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:vonets:vap11g-300_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"vonets\", \"product\": \"vap11g-300_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"3.3.23.6.9\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:vonets:vap11n-300_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"vonets\", \"product\": \"vap11n-300_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"3.3.23.6.9\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-08-09T14:42:35.078Z\"}}], \"cna\": {\"title\": \"Vonets WiFi Bridges Command Injection\", \"source\": {\"advisory\": \"ICSA-24-214-08\", \"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Wodzen reported these vulnerabilities to CISA.\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 9.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}, {\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 9.4, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"HIGH\", \"subIntegrityImpact\": \"HIGH\", \"vulnIntegrityImpact\": \"HIGH\", \"subAvailabilityImpact\": \"HIGH\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"HIGH\", \"vulnConfidentialityImpact\": \"HIGH\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Vonets\", \"product\": \"VAR1200-H\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"3.3.23.6.9\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Vonets\", \"product\": \"VAR1200-L\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"3.3.23.6.9\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Vonets\", \"product\": \"VAR600-H\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"3.3.23.6.9\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Vonets\", \"product\": \"VAP11AC\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"3.3.23.6.9\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Vonets\", \"product\": \"VAP11G-500S\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"3.3.23.6.9\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Vonets\", \"product\": \"VBG1200\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"3.3.23.6.9\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Vonets\", \"product\": \"VAP11S-5G\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"3.3.23.6.9\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Vonets\", \"product\": \"VAP11S\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"3.3.23.6.9\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Vonets\", \"product\": \"VAR11N-300\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"3.3.23.6.9\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Vonets\", \"product\": \"VAP11G-300\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"3.3.23.6.9\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Vonets\", \"product\": \"VAP11N-300\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"3.3.23.6.9\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Vonets\", \"product\": \"VAP11G\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"3.3.23.6.9\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Vonets\", \"product\": \"VAP11G-500\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"3.3.23.6.9\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Vonets\", \"product\": \"VBG1200\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"3.3.23.6.9\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Vonets\", \"product\": \"VAP11AC\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"3.3.23.6.9\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Vonets\", \"product\": \"VGA-1000\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"3.3.23.6.9\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-08\"}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"Vonets has not responded to requests to work with CISA to mitigate these\\n vulnerabilities. Users of the affected products are encouraged to \\ncontact Vonets support https://usdhs-my.sharepoint.com/personal/grayson_gaylor_associates_cisa_dhs_gov1/_layouts/15/support@vonets.com for additional information.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Vonets has not responded to requests to work with CISA to mitigate these\\n vulnerabilities. Users of the affected products are encouraged to \\ncontact \u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://usdhs-my.sharepoint.com/personal/grayson_gaylor_associates_cisa_dhs_gov1/_layouts/15/support@vonets.com\\\"\u003eVonets support\u003c/a\u003e for additional information.\\n\\n\u003cbr\u003e\", \"base64\": false}]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Multiple OS command injection vulnerabilities affecting Vonets \\n\\n industrial wifi bridge relays and wifi bridge repeaters, software \\nversions 3.3.23.6.9 and prior, enable an authenticated remote attacker \\nto execute arbitrary OS commands via various endpoint parameters.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Multiple OS command injection vulnerabilities affecting Vonets \\n\\n industrial wifi bridge relays and wifi bridge repeaters, software \\nversions 3.3.23.6.9 and prior, enable an authenticated remote attacker \\nto execute arbitrary OS commands via various endpoint parameters.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-77\", \"description\": \"CWE-77 Command Injection\"}]}], \"providerMetadata\": {\"orgId\": \"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6\", \"shortName\": \"icscert\", \"dateUpdated\": \"2024-08-08T19:42:41.939Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-37023\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-21T20:04:21.492Z\", \"dateReserved\": \"2024-07-30T16:15:10.100Z\", \"assignerOrgId\": \"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6\", \"datePublished\": \"2024-08-08T19:30:40.496Z\", \"assignerShortName\": \"icscert\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…