Use of hard-coded credentials vulnerability affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior, enables an unauthenticated remote attacker to bypass authentication using hard-coded administrator credentials. These accounts cannot be disabled.
History

Tue, 20 Aug 2024 17:30:00 +0000

Type Values Removed Values Added
First Time appeared Vonets vap11ac
Vonets vap11g
Vonets vap11g-300
Vonets vap11g-500
Vonets vap11g-500 Firmware
Vonets vap11g-500s
Vonets vap11n-300
Vonets vap11s
Vonets vap11s-5g
Vonets var11n-300
Vonets var1200-h
Vonets var1200-l
Vonets var600-h
Vonets vbg1200
Vonets vga-1000
CPEs cpe:2.3:h:vonets:vap11ac:-:*:*:*:*:*:*:*
cpe:2.3:h:vonets:vap11g-300:-:*:*:*:*:*:*:*
cpe:2.3:h:vonets:vap11g-500:-:*:*:*:*:*:*:*
cpe:2.3:h:vonets:vap11g-500s:-:*:*:*:*:*:*:*
cpe:2.3:h:vonets:vap11g:-:*:*:*:*:*:*:*
cpe:2.3:h:vonets:vap11n-300:-:*:*:*:*:*:*:*
cpe:2.3:h:vonets:vap11s-5g:-:*:*:*:*:*:*:*
cpe:2.3:h:vonets:vap11s:-:*:*:*:*:*:*:*
cpe:2.3:h:vonets:var11n-300:-:*:*:*:*:*:*:*
cpe:2.3:h:vonets:var1200-h:-:*:*:*:*:*:*:*
cpe:2.3:h:vonets:var1200-l:-:*:*:*:*:*:*:*
cpe:2.3:h:vonets:var600-h:-:*:*:*:*:*:*:*
cpe:2.3:h:vonets:vbg1200:-:*:*:*:*:*:*:*
cpe:2.3:h:vonets:vga-1000:-:*:*:*:*:*:*:*
cpe:2.3:o:vonets:vap11ac_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:vonets:vap11g-300_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:vonets:vap11g-500_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:vonets:vap11g-500s_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:vonets:vap11g_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:vonets:vap11n-300_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:vonets:vap11s-5g_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:vonets:vap11s_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:vonets:var11n-300_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:vonets:var1200-h_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:vonets:var1200-l_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:vonets:var600-h_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:vonets:vbg1200_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:vonets:vga-1000_firmware:*:*:*:*:*:*:*:*
Vendors & Products Vonets vap11ac
Vonets vap11g
Vonets vap11g-300
Vonets vap11g-500
Vonets vap11g-500 Firmware
Vonets vap11g-500s
Vonets vap11n-300
Vonets vap11s
Vonets vap11s-5g
Vonets var11n-300
Vonets var1200-h
Vonets var1200-l
Vonets var600-h
Vonets vbg1200
Vonets vga-1000

Fri, 09 Aug 2024 15:30:00 +0000

Type Values Removed Values Added
First Time appeared Vonets
Vonets vap11ac Firmware
Vonets vap11g-300 Firmware
Vonets vap11g-500s Firmware
Vonets vap11g Firmware
Vonets vap11n-300 Firmware
Vonets vap11s-5g Firmware
Vonets vap11s Firmware
Vonets var11n-300 Firmware
Vonets var1200-h Firmware
Vonets var1200-l Firmware
Vonets var600-h Firmware
Vonets vbg1200 Firmware
Vonets vga-1000 Firmware
CPEs cpe:2.3:a:vonets:vap11ac_firmware:*:*:*:*:*:*:*:*
cpe:2.3:a:vonets:vap11g-300_firmware:*:*:*:*:*:*:*:*
cpe:2.3:a:vonets:vap11g-500s_firmware:*:*:*:*:*:*:*:*
cpe:2.3:a:vonets:vap11g_firmware:*:*:*:*:*:*:*:*
cpe:2.3:a:vonets:vap11n-300_firmware:*:*:*:*:*:*:*:*
cpe:2.3:a:vonets:vap11s-5g_firmware:*:*:*:*:*:*:*:*
cpe:2.3:a:vonets:vap11s_firmware:*:*:*:*:*:*:*:*
cpe:2.3:a:vonets:var11n-300_firmware:*:*:*:*:*:*:*:*
cpe:2.3:a:vonets:var1200-h_firmware:*:*:*:*:*:*:*:*
cpe:2.3:a:vonets:var1200-l_firmware:*:*:*:*:*:*:*:*
cpe:2.3:a:vonets:var600-h_firmware:*:*:*:*:*:*:*:*
cpe:2.3:a:vonets:vbg1200_firmware:*:*:*:*:*:*:*:*
cpe:2.3:a:vonets:vga-1000_firmware:*:*:*:*:*:*:*:*
Vendors & Products Vonets
Vonets vap11ac Firmware
Vonets vap11g-300 Firmware
Vonets vap11g-500s Firmware
Vonets vap11g Firmware
Vonets vap11n-300 Firmware
Vonets vap11s-5g Firmware
Vonets vap11s Firmware
Vonets var11n-300 Firmware
Vonets var1200-h Firmware
Vonets var1200-l Firmware
Vonets var600-h Firmware
Vonets vbg1200 Firmware
Vonets vga-1000 Firmware
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 08 Aug 2024 20:00:00 +0000

Type Values Removed Values Added
Description Use of hard-coded credentials vulnerability affecting Vonets industrial wifi bridge relays and WiFi bridge repeaters, software versions 3.3.23.6.9 and prior, enables an unauthenticated remote attacker to bypass authentication using hard-coded administrator credentials. These accounts cannot be disabled. Use of hard-coded credentials vulnerability affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior, enables an unauthenticated remote attacker to bypass authentication using hard-coded administrator credentials. These accounts cannot be disabled.

Thu, 08 Aug 2024 18:00:00 +0000

Type Values Removed Values Added
Description Use of hard-coded credentials vulnerability affecting Vonets industrial wifi bridge relays and WiFi bridge repeaters, software versions 3.3.23.6.9 and prior, enables an unauthenticated remote attacker to bypass authentication using hard-coded administrator credentials. These accounts cannot be disabled.
Title Vonets WiFi Bridges Use of Hard-coded Credentials
Weaknesses CWE-798
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}

cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2024-08-08T17:49:35.888Z

Updated: 2024-08-09T14:37:54.073Z

Reserved: 2024-07-30T16:15:10.064Z

Link: CVE-2024-41161

cve-icon Vulnrichment

Updated: 2024-08-09T14:37:35.348Z

cve-icon NVD

Status : Analyzed

Published: 2024-08-08T18:15:10.640

Modified: 2024-08-20T17:09:50.647

Link: CVE-2024-41161

cve-icon Redhat

No data.