CVSS: 8.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-46329
https://notcve.org/view.php?id=CVE-2024-46329
26 Sep 2024 — VONETS VAP11G-300 v3.3.23.6.9 was discovered to contain a command injection vulnerability via the SystemCommand object. • https://hawktesters.com/5519644d-246e-4924-b7c8-8fdf742117be/1af23e51-20e4-4432-a66c-64345c1e4ed4.pdf • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-46330
https://notcve.org/view.php?id=CVE-2024-46330
26 Sep 2024 — VONETS VAP11G-300 v3.3.23.6.9 was discovered to contain a command injection vulnerability via the iptablesWebsFilterRun object. • https://hawktesters.com/5519644d-246e-4924-b7c8-8fdf742117be/704b5e66-fee5-4289-aa55-eb7feb5f0edc.pdf • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.7EPSS: 0%CPEs: 2EXPL: 0CVE-2024-46327
https://notcve.org/view.php?id=CVE-2024-46327
26 Sep 2024 — An issue in the Http_handle object of VONETS VAP11G-300 v3.3.23.6.9 allows attackers to access sensitive files via a directory traversal. • https://hawktesters.com/5519644d-246e-4924-b7c8-8fdf742117be/ab3b22c9-1fbf-4dbb-a1cd-8c69f6723a4a.pdf • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-46328
https://notcve.org/view.php?id=CVE-2024-46328
26 Sep 2024 — VONETS VAP11G-300 v3.3.23.6.9 was discovered to contain hardcoded credentials for several different privileged accounts, including root. • https://hawktesters.com/5519644d-246e-4924-b7c8-8fdf742117be/9461d352-c4f6-477f-a44e-b91ff71e6d84.pdf • CWE-259: Use of Hard-coded Password •
CVSS: 10.0EPSS: 0%CPEs: 16EXPL: 0CVE-2024-42001 – Vonets WiFi Bridges Forced Browsing
https://notcve.org/view.php?id=CVE-2024-42001
08 Aug 2024 — An improper authentication vulnerability affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior enables an unauthenticated remote attacker to bypass authentication via a specially crafted direct request when another user has an active session. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-08 • CWE-425: Direct Request ('Forced Browsing') •
CVSS: 10.0EPSS: 0%CPEs: 16EXPL: 0CVE-2024-39791 – Vonets WiFi Bridges Stack-based Buffer Overflow
https://notcve.org/view.php?id=CVE-2024-39791
08 Aug 2024 — Stack-based buffer overflow vulnerabilities affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior, enable an unauthenticated remote attacker to execute arbitrary code. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-08 • CWE-121: Stack-based Buffer Overflow •
CVSS: 9.4EPSS: 0%CPEs: 16EXPL: 0CVE-2024-39815 – Vonets WiFi Bridges Improper Check or Handling of Exceptional Conditions
https://notcve.org/view.php?id=CVE-2024-39815
08 Aug 2024 — Improper check or handling of exceptional conditions vulnerability affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior, enable an unauthenticated remote attacker to cause a denial of service. A specially-crafted HTTP request to pre-authentication resources can crash the service. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-08 • CWE-703: Improper Check or Handling of Exceptional Conditions •
CVSS: 9.9EPSS: 0%CPEs: 16EXPL: 0CVE-2024-37023 – Vonets WiFi Bridges Command Injection
https://notcve.org/view.php?id=CVE-2024-37023
08 Aug 2024 — Multiple OS command injection vulnerabilities affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior, enable an authenticated remote attacker to execute arbitrary OS commands via various endpoint parameters. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-08 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 8.7EPSS: 0%CPEs: 16EXPL: 0CVE-2024-41936 – Vonets WiFi Bridges Path Traversal
https://notcve.org/view.php?id=CVE-2024-41936
08 Aug 2024 — A directory traversal vulnerability affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior, enables an unauthenticated remote attacker to read arbitrary files and bypass authentication. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-08 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.0EPSS: 0%CPEs: 16EXPL: 0CVE-2024-29082 – Vonets WiFi Bridges Improper Access Control
https://notcve.org/view.php?id=CVE-2024-29082
08 Aug 2024 — Improper access control vulnerability affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior, enables an unauthenticated remote attacker to bypass authentication and factory reset the device via unprotected goform endpoints. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-08 • CWE-284: Improper Access Control •