CVE-2024-37023

Severity CVSS v4.0:
Pending analysis
Type:
CWE-77 Command Injection
Publication date:
12/08/2024
Last modified:
20/08/2024

Description

Multiple OS command injection vulnerabilities affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior, enable an authenticated remote attacker to execute arbitrary OS commands via various endpoint parameters.

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:vonets:var1200-h_firmware:*:*:*:*:*:*:*:* 3.3.23.6.9 (including)
cpe:2.3:h:vonets:var1200-h:-:*:*:*:*:*:*:*
cpe:2.3:o:vonets:var1200-l_firmware:*:*:*:*:*:*:*:* 3.3.23.6.9 (including)
cpe:2.3:h:vonets:var1200-l:-:*:*:*:*:*:*:*
cpe:2.3:o:vonets:var600-h_firmware:*:*:*:*:*:*:*:* 3.3.23.6.9 (including)
cpe:2.3:h:vonets:var600-h:-:*:*:*:*:*:*:*
cpe:2.3:o:vonets:vap11ac_firmware:*:*:*:*:*:*:*:* 3.3.23.6.9 (including)
cpe:2.3:h:vonets:vap11ac:-:*:*:*:*:*:*:*
cpe:2.3:o:vonets:vap11g-500s_firmware:*:*:*:*:*:*:*:* 3.3.23.6.9 (including)
cpe:2.3:h:vonets:vap11g-500s:-:*:*:*:*:*:*:*
cpe:2.3:o:vonets:vbg1200_firmware:*:*:*:*:*:*:*:* 3.3.23.6.9 (including)
cpe:2.3:h:vonets:vbg1200:-:*:*:*:*:*:*:*
cpe:2.3:o:vonets:vap11s-5g_firmware:*:*:*:*:*:*:*:* 3.3.23.6.9 (including)
cpe:2.3:h:vonets:vap11s-5g:-:*:*:*:*:*:*:*
cpe:2.3:o:vonets:vap11s_firmware:*:*:*:*:*:*:*:* 3.3.23.6.9 (including)


References to Advisories, Solutions, and Tools