CVE-2024-39815 (GCVE-0-2024-39815)
Vulnerability from cvelistv5 – Published: 2024-08-08 19:33 – Updated: 2024-08-21 20:04
VLAI?
Title
Vonets WiFi Bridges Improper Check or Handling of Exceptional Conditions
Summary
Improper check or handling of exceptional conditions vulnerability
affecting Vonets
industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior, enable an unauthenticated
remote attacker to cause a denial of service. A specially-crafted
HTTP request to pre-authentication resources can crash the service.
Severity ?
9.1 (Critical)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Vonets | VAR1200-H |
Affected:
0 , ≤ 3.3.23.6.9
(custom)
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Credits
Wodzen reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:vonets:var1200-h_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "var1200-h_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:var1200-l_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "var1200-l_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:var600-h_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "var600-h_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vap11ac_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11ac_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vap11g-500s_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11g-500s_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vbg1200_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vbg1200_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vap11s-5g_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11s-5g_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vap11s_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11s_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:var11n-300_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "var11n-300_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vap11n-300_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11n-300_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vap11g_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11g_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vga-1000_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vga-1000_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vap11g-300_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11g-300_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vap11n-300_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11n-300_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39815",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-09T14:41:59.876924Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-21T20:04:38.205Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "VAR1200-H",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAR1200-L",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAR600-H",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11AC",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11G-500S",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VBG1200",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11S-5G",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11S",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAR11N-300",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11G-300",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11N-300",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11G",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11G-500",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VBG1200",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11AC",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VGA-1000",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Wodzen reported these vulnerabilities to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper check or handling of exceptional conditions vulnerability \naffecting Vonets\n\n \n\n industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior, enable an unauthenticated \nremote attacker to cause a denial of service. A specially-crafted \nHTTP request to pre-authentication resources can crash the service."
}
],
"value": "Improper check or handling of exceptional conditions vulnerability \naffecting Vonets\n\n \n\n industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior, enable an unauthenticated \nremote attacker to cause a denial of service. A specially-crafted \nHTTP request to pre-authentication resources can crash the service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-703",
"description": "CWE-703",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-08T19:43:20.731Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-08"
}
],
"source": {
"advisory": "ICSA-24-214-08",
"discovery": "EXTERNAL"
},
"title": "Vonets WiFi Bridges Improper Check or Handling of Exceptional Conditions",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Vonets has not responded to requests to work with CISA to mitigate these\n vulnerabilities. Users of the affected products are encouraged to \ncontact \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://usdhs-my.sharepoint.com/personal/grayson_gaylor_associates_cisa_dhs_gov1/_layouts/15/support@vonets.com\"\u003eVonets support\u003c/a\u003e for additional information.\n\n\u003cbr\u003e"
}
],
"value": "Vonets has not responded to requests to work with CISA to mitigate these\n vulnerabilities. Users of the affected products are encouraged to \ncontact Vonets support https://usdhs-my.sharepoint.com/personal/grayson_gaylor_associates_cisa_dhs_gov1/_layouts/15/support@vonets.com for additional information."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2024-39815",
"datePublished": "2024-08-08T19:33:35.137Z",
"dateReserved": "2024-07-30T16:15:10.109Z",
"dateUpdated": "2024-08-21T20:04:38.205Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:vonets:var1200-h_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"3.3.23.6.9\", \"matchCriteriaId\": \"94DAF720-5399-46A2-A9AB-3831045B86D2\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:vonets:var1200-h:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6D2E3C6A-6CC6-4954-B06C-3F023C964426\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:vonets:var1200-l_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"3.3.23.6.9\", \"matchCriteriaId\": \"273874D4-43E0-44D4-AB4E-D66DE1F1B824\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:vonets:var1200-l:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2C4B65A1-D625-4712-8311-685CA0A6438B\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:vonets:var600-h_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"3.3.23.6.9\", \"matchCriteriaId\": \"ADCC4730-7801-485C-994F-DB7B942AA9F4\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:vonets:var600-h:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DB22B21B-526A-4119-9278-E84138D523E4\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:vonets:vap11ac_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"3.3.23.6.9\", \"matchCriteriaId\": \"C007C620-CAF2-436E-AAA9-C012CEFCEA3B\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:vonets:vap11ac:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"21B9AA55-A333-4D10-A9D8-19558465F56E\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:vonets:vap11g-500s_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"3.3.23.6.9\", \"matchCriteriaId\": \"FDC4DF91-B718-4CFE-BEE7-4E9CFF121C01\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:vonets:vap11g-500s:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C9EC2642-6A5B-4DA8-A675-B9F3CAD9B35E\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:vonets:vbg1200_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"3.3.23.6.9\", \"matchCriteriaId\": \"5BFA8106-50EE-428D-9297-930CE9CC99C1\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:vonets:vbg1200:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AE4D6B12-50A8-4314-AEDA-E3C669F772C9\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:vonets:vap11s-5g_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"3.3.23.6.9\", \"matchCriteriaId\": \"D95A2EE8-B22F-4671-8DF8-3757A335B006\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:vonets:vap11s-5g:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"66E94FE6-235A-46F0-81B0-DFF88C454BB1\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:vonets:vap11s_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"3.3.23.6.9\", \"matchCriteriaId\": \"060B7C85-806D-45B3-8268-10AC5E475171\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:vonets:vap11s:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C434D025-8361-4C2D-AC7D-4E4A44237C27\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:vonets:var11n-300_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"3.3.23.6.9\", \"matchCriteriaId\": \"3DFA50C3-2B3E-4755-98FB-63CED2CA7B8F\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:vonets:var11n-300:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"95D5A3C0-8303-4E77-9DE1-75FD9DAED295\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:vonets:vap11g-300_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"3.3.23.6.9\", \"matchCriteriaId\": \"42E71F95-814C-4EDA-8647-B03CA6AAFDEB\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:vonets:vap11g-300:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2B23375E-0E77-4423-AEDA-9A9F26052834\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:vonets:vap11n-300_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"3.3.23.6.9\", \"matchCriteriaId\": \"7018E246-D211-4366-8664-90B00E68AA74\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:vonets:vap11n-300:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"ADE0116E-37B8-4E0A-8874-A59989712743\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:vonets:vap11g_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"3.3.23.6.9\", \"matchCriteriaId\": \"C9C1B20A-8F03-4C6E-8715-B68DBBBAFB97\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:vonets:vap11g:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F510F0DC-C170-45A3-989B-2FA8791B4FC1\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:vonets:vap11g-500_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"3.3.23.6.9\", \"matchCriteriaId\": \"52909496-4BEB-43DB-80E3-F710BCA0CAA5\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:vonets:vap11g-500:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B61E3489-034E-4DD2-8699-477647462CF7\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:vonets:vga-1000_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"3.3.23.6.9\", \"matchCriteriaId\": \"1FAF11BE-F3F4-4D40-9156-DDB2FFBF9470\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:vonets:vga-1000:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DA90833B-D40E-42F0-8ECF-86C90E4511C4\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Improper check or handling of exceptional conditions vulnerability \\naffecting Vonets\\n\\n \\n\\n industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior, enable an unauthenticated \\nremote attacker to cause a denial of service. A specially-crafted \\nHTTP request to pre-authentication resources can crash the service.\"}, {\"lang\": \"es\", \"value\": \"La verificaci\\u00f3n o el manejo inadecuados de la vulnerabilidad de condiciones excepcionales que afectan a los rel\\u00e9s de puente wifi industriales y a los repetidores de puente wifi de Vonets, versiones de software 3.3.23.6.9 y anteriores, permiten que un atacante remoto no autenticado provoque una denegaci\\u00f3n de servicio. Una solicitud HTTP especialmente manipulada para recursos de autenticaci\\u00f3n previa puede bloquear el servicio.\"}]",
"id": "CVE-2024-39815",
"lastModified": "2024-08-20T17:14:18.587",
"metrics": "{\"cvssMetricV40\": [{\"source\": \"ics-cert@hq.dhs.gov\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"4.0\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\", \"baseScore\": 9.4, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"vulnerableSystemConfidentiality\": \"HIGH\", \"vulnerableSystemIntegrity\": \"HIGH\", \"vulnerableSystemAvailability\": \"HIGH\", \"subsequentSystemConfidentiality\": \"HIGH\", \"subsequentSystemIntegrity\": \"HIGH\", \"subsequentSystemAvailability\": \"HIGH\", \"exploitMaturity\": \"NOT_DEFINED\", \"confidentialityRequirements\": \"NOT_DEFINED\", \"integrityRequirements\": \"NOT_DEFINED\", \"availabilityRequirements\": \"NOT_DEFINED\", \"modifiedAttackVector\": \"NOT_DEFINED\", \"modifiedAttackComplexity\": \"NOT_DEFINED\", \"modifiedAttackRequirements\": \"NOT_DEFINED\", \"modifiedPrivilegesRequired\": \"NOT_DEFINED\", \"modifiedUserInteraction\": \"NOT_DEFINED\", \"modifiedVulnerableSystemConfidentiality\": \"NOT_DEFINED\", \"modifiedVulnerableSystemIntegrity\": \"NOT_DEFINED\", \"modifiedVulnerableSystemAvailability\": \"NOT_DEFINED\", \"modifiedSubsequentSystemConfidentiality\": \"NOT_DEFINED\", \"modifiedSubsequentSystemIntegrity\": \"NOT_DEFINED\", \"modifiedSubsequentSystemAvailability\": \"NOT_DEFINED\", \"safety\": \"NOT_DEFINED\", \"automatable\": \"NOT_DEFINED\", \"recovery\": \"NOT_DEFINED\", \"valueDensity\": \"NOT_DEFINED\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\", \"providerUrgency\": \"NOT_DEFINED\"}}], \"cvssMetricV31\": [{\"source\": \"ics-cert@hq.dhs.gov\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\", \"baseScore\": 9.1, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.3, \"impactScore\": 6.0}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}]}",
"published": "2024-08-12T13:38:25.150",
"references": "[{\"url\": \"https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-08\", \"source\": \"ics-cert@hq.dhs.gov\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}]",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Analyzed",
"weaknesses": "[{\"source\": \"ics-cert@hq.dhs.gov\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-703\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-39815\",\"sourceIdentifier\":\"ics-cert@hq.dhs.gov\",\"published\":\"2024-08-12T13:38:25.150\",\"lastModified\":\"2024-08-20T17:14:18.587\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Improper check or handling of exceptional conditions vulnerability \\naffecting Vonets\\n\\n \\n\\n industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior, enable an unauthenticated \\nremote attacker to cause a denial of service. A specially-crafted \\nHTTP request to pre-authentication resources can crash the service.\"},{\"lang\":\"es\",\"value\":\"La verificaci\u00f3n o el manejo inadecuados de la vulnerabilidad de condiciones excepcionales que afectan a los rel\u00e9s de puente wifi industriales y a los repetidores de puente wifi de Vonets, versiones de software 3.3.23.6.9 y anteriores, permiten que un atacante remoto no autenticado provoque una denegaci\u00f3n de servicio. Una solicitud HTTP especialmente manipulada para recursos de autenticaci\u00f3n previa puede bloquear el servicio.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":9.4,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"HIGH\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"HIGH\",\"subIntegrityImpact\":\"HIGH\",\"subAvailabilityImpact\":\"HIGH\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":9.1,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.3,\"impactScore\":6.0},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-703\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:vonets:var1200-h_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"3.3.23.6.9\",\"matchCriteriaId\":\"94DAF720-5399-46A2-A9AB-3831045B86D2\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:vonets:var1200-h:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6D2E3C6A-6CC6-4954-B06C-3F023C964426\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:vonets:var1200-l_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"3.3.23.6.9\",\"matchCriteriaId\":\"273874D4-43E0-44D4-AB4E-D66DE1F1B824\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:vonets:var1200-l:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2C4B65A1-D625-4712-8311-685CA0A6438B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:vonets:var600-h_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"3.3.23.6.9\",\"matchCriteriaId\":\"ADCC4730-7801-485C-994F-DB7B942AA9F4\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:vonets:var600-h:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DB22B21B-526A-4119-9278-E84138D523E4\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:vonets:vap11ac_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"3.3.23.6.9\",\"matchCriteriaId\":\"C007C620-CAF2-436E-AAA9-C012CEFCEA3B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:vonets:vap11ac:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"21B9AA55-A333-4D10-A9D8-19558465F56E\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:vonets:vap11g-500s_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"3.3.23.6.9\",\"matchCriteriaId\":\"FDC4DF91-B718-4CFE-BEE7-4E9CFF121C01\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:vonets:vap11g-500s:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C9EC2642-6A5B-4DA8-A675-B9F3CAD9B35E\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:vonets:vbg1200_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"3.3.23.6.9\",\"matchCriteriaId\":\"5BFA8106-50EE-428D-9297-930CE9CC99C1\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:vonets:vbg1200:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AE4D6B12-50A8-4314-AEDA-E3C669F772C9\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:vonets:vap11s-5g_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"3.3.23.6.9\",\"matchCriteriaId\":\"D95A2EE8-B22F-4671-8DF8-3757A335B006\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:vonets:vap11s-5g:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"66E94FE6-235A-46F0-81B0-DFF88C454BB1\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:vonets:vap11s_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"3.3.23.6.9\",\"matchCriteriaId\":\"060B7C85-806D-45B3-8268-10AC5E475171\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:vonets:vap11s:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C434D025-8361-4C2D-AC7D-4E4A44237C27\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:vonets:var11n-300_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"3.3.23.6.9\",\"matchCriteriaId\":\"3DFA50C3-2B3E-4755-98FB-63CED2CA7B8F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:vonets:var11n-300:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"95D5A3C0-8303-4E77-9DE1-75FD9DAED295\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:vonets:vap11g-300_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"3.3.23.6.9\",\"matchCriteriaId\":\"42E71F95-814C-4EDA-8647-B03CA6AAFDEB\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:vonets:vap11g-300:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2B23375E-0E77-4423-AEDA-9A9F26052834\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:vonets:vap11n-300_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"3.3.23.6.9\",\"matchCriteriaId\":\"7018E246-D211-4366-8664-90B00E68AA74\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:vonets:vap11n-300:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ADE0116E-37B8-4E0A-8874-A59989712743\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:vonets:vap11g_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"3.3.23.6.9\",\"matchCriteriaId\":\"C9C1B20A-8F03-4C6E-8715-B68DBBBAFB97\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:vonets:vap11g:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F510F0DC-C170-45A3-989B-2FA8791B4FC1\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:vonets:vap11g-500_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"3.3.23.6.9\",\"matchCriteriaId\":\"52909496-4BEB-43DB-80E3-F710BCA0CAA5\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:vonets:vap11g-500:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B61E3489-034E-4DD2-8699-477647462CF7\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:vonets:vga-1000_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"3.3.23.6.9\",\"matchCriteriaId\":\"1FAF11BE-F3F4-4D40-9156-DDB2FFBF9470\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:vonets:vga-1000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DA90833B-D40E-42F0-8ECF-86C90E4511C4\"}]}]}],\"references\":[{\"url\":\"https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-08\",\"source\":\"ics-cert@hq.dhs.gov\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-39815\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-08-09T14:41:59.876924Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:o:vonets:var1200-h_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"vonets\", \"product\": \"var1200-h_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"3.3.23.6.9\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:vonets:var1200-l_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"vonets\", \"product\": \"var1200-l_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"3.3.23.6.9\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:vonets:var600-h_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"vonets\", \"product\": \"var600-h_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"3.3.23.6.9\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:vonets:vap11ac_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"vonets\", \"product\": \"vap11ac_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"3.3.23.6.9\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:vonets:vap11g-500s_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"vonets\", \"product\": \"vap11g-500s_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"3.3.23.6.9\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:vonets:vbg1200_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"vonets\", \"product\": \"vbg1200_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"3.3.23.6.9\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:vonets:vap11s-5g_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"vonets\", \"product\": \"vap11s-5g_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"3.3.23.6.9\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:vonets:vap11s_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"vonets\", \"product\": \"vap11s_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"3.3.23.6.9\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:vonets:var11n-300_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"vonets\", \"product\": \"var11n-300_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"3.3.23.6.9\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:vonets:vap11n-300_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"vonets\", \"product\": \"vap11n-300_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"3.3.23.6.9\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:vonets:vap11g_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"vonets\", \"product\": \"vap11g_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"3.3.23.6.9\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:vonets:vga-1000_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"vonets\", \"product\": \"vga-1000_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"3.3.23.6.9\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:vonets:vap11g-300_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"vonets\", \"product\": \"vap11g-300_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"3.3.23.6.9\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:vonets:vap11n-300_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"vonets\", \"product\": \"vap11n-300_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"3.3.23.6.9\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-08-09T14:41:53.861Z\"}}], \"cna\": {\"title\": \"Vonets WiFi Bridges Improper Check or Handling of Exceptional Conditions\", \"source\": {\"advisory\": \"ICSA-24-214-08\", \"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Wodzen reported these vulnerabilities to CISA.\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 9.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}, {\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 9.4, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"HIGH\", \"subIntegrityImpact\": \"HIGH\", \"vulnIntegrityImpact\": \"HIGH\", \"subAvailabilityImpact\": \"HIGH\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"HIGH\", \"vulnConfidentialityImpact\": \"HIGH\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Vonets\", \"product\": \"VAR1200-H\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"3.3.23.6.9\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Vonets\", \"product\": \"VAR1200-L\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"3.3.23.6.9\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Vonets\", \"product\": \"VAR600-H\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"3.3.23.6.9\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Vonets\", \"product\": \"VAP11AC\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"3.3.23.6.9\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Vonets\", \"product\": \"VAP11G-500S\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"3.3.23.6.9\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Vonets\", \"product\": \"VBG1200\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"3.3.23.6.9\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Vonets\", \"product\": \"VAP11S-5G\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"3.3.23.6.9\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Vonets\", \"product\": \"VAP11S\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"3.3.23.6.9\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Vonets\", \"product\": \"VAR11N-300\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"3.3.23.6.9\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Vonets\", \"product\": \"VAP11G-300\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"3.3.23.6.9\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Vonets\", \"product\": \"VAP11N-300\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"3.3.23.6.9\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Vonets\", \"product\": \"VAP11G\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"3.3.23.6.9\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Vonets\", \"product\": \"VAP11G-500\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"3.3.23.6.9\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Vonets\", \"product\": \"VBG1200\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"3.3.23.6.9\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Vonets\", \"product\": \"VAP11AC\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"3.3.23.6.9\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Vonets\", \"product\": \"VGA-1000\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"3.3.23.6.9\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-08\"}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"Vonets has not responded to requests to work with CISA to mitigate these\\n vulnerabilities. Users of the affected products are encouraged to \\ncontact Vonets support https://usdhs-my.sharepoint.com/personal/grayson_gaylor_associates_cisa_dhs_gov1/_layouts/15/support@vonets.com for additional information.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Vonets has not responded to requests to work with CISA to mitigate these\\n vulnerabilities. Users of the affected products are encouraged to \\ncontact \u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://usdhs-my.sharepoint.com/personal/grayson_gaylor_associates_cisa_dhs_gov1/_layouts/15/support@vonets.com\\\"\u003eVonets support\u003c/a\u003e for additional information.\\n\\n\u003cbr\u003e\", \"base64\": false}]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Improper check or handling of exceptional conditions vulnerability \\naffecting Vonets\\n\\n \\n\\n industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior, enable an unauthenticated \\nremote attacker to cause a denial of service. A specially-crafted \\nHTTP request to pre-authentication resources can crash the service.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Improper check or handling of exceptional conditions vulnerability \\naffecting Vonets\\n\\n \\n\\n industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior, enable an unauthenticated \\nremote attacker to cause a denial of service. A specially-crafted \\nHTTP request to pre-authentication resources can crash the service.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-703\", \"description\": \"CWE-703\"}]}], \"providerMetadata\": {\"orgId\": \"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6\", \"shortName\": \"icscert\", \"dateUpdated\": \"2024-08-08T19:43:20.731Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-39815\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-21T20:04:38.205Z\", \"dateReserved\": \"2024-07-30T16:15:10.109Z\", \"assignerOrgId\": \"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6\", \"datePublished\": \"2024-08-08T19:33:35.137Z\", \"assignerShortName\": \"icscert\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…