1. EXECUTIVE SUMMARY
- CVSS v4 10.0
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Vonets
- Equipment: VAR1200-H, VAR1200-L, VAR600-H, VAP11AC, VAP11G-500S, VBG1200, VAP11S-5G, VAP11S, VAR11N-300, VAP11G-300, VAP11N-300, VAP11G, VAP11G-500, VBG1200, VAP11AC, VGA-1000
- Vulnerabilities: Use of Hard-coded Credentials, Improper Access Control, Path Traversal, Command Injection, Improper Check or Handling of Exceptional Conditions, Stack Based Buffer Overflow, Direct Request
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to disclose sensitive information, cause a denial-of-service condition, or execute arbitrary code on the affected device.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
At least the following Vonets products are affected:
- VAR1200-H: Versions 3.3.23.6.9 and prior
- VAR1200-L: Versions 3.3.23.6.9 and prior
- VAR600-H: Versions 3.3.23.6.9 and prior
- VAP11AC: Versions 3.3.23.6.9 and prior
- VAP11G-500S: Versions 3.3.23.6.9 and prior
- VBG1200: Versions 3.3.23.6.9 and prior
- VAP11S-5G: Versions 3.3.23.6.9 and prior
- VAP11S: Versions 3.3.23.6.9 and prior
- VAR11N-300: Versions 3.3.23.6.9 and prior
- VAP11G-300: Versions 3.3.23.6.9 and prior
- VAP11N-300: Versions 3.3.23.6.9 and prior
- VAP11G: Versions 3.3.23.6.9 and prior
- VAP11G-500: Versions 3.3.23.6.9 and prior
- VBG1200: Versions 3.3.23.6.9 and prior
- VAP11AC: Versions 3.3.23.6.9 and prior
- VGA-1000: Versions 3.3.23.6.9 and prior
3.2 Vulnerability Overview
3.2.1 USE OF HARD-CODED CREDENTIALS CWE-798
Use of Hard-coded Credentials vulnerability affecting Vonets Industrial WiFi Bridge Relays and WiFi Bridge Repeaters, software versions 3.3.23.6.9 and prior, enables an unauthenticated remote attacker to bypass authentication using h
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from All CISA Advisories
Read the original article: