CVE-2024-41936
Severity CVSS v4.0:
Pending analysis
Type:
CWE-22
Path Traversal
Publication date:
12/08/2024
Last modified:
20/08/2024
Description
A directory traversal vulnerability affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 <br />
and prior, enables an unauthenticated remote attacker to read arbitrary <br />
files and bypass authentication.
Impact
Base Score 3.x
7.50
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:vonets:var1200-h_firmware:*:*:*:*:*:*:*:* | 3.3.23.6.9 (including) | |
| cpe:2.3:h:vonets:var1200-h:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:vonets:var1200-l_firmware:*:*:*:*:*:*:*:* | 3.3.23.6.9 (including) | |
| cpe:2.3:h:vonets:var1200-l:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:vonets:var600-h_firmware:*:*:*:*:*:*:*:* | 3.3.23.6.9 (including) | |
| cpe:2.3:h:vonets:var600-h:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:vonets:vap11ac_firmware:*:*:*:*:*:*:*:* | 3.3.23.6.9 (including) | |
| cpe:2.3:h:vonets:vap11ac:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:vonets:vap11g-500s_firmware:*:*:*:*:*:*:*:* | 3.3.23.6.9 (including) | |
| cpe:2.3:h:vonets:vap11g-500s:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:vonets:vbg1200_firmware:*:*:*:*:*:*:*:* | 3.3.23.6.9 (including) | |
| cpe:2.3:h:vonets:vbg1200:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:vonets:vap11s-5g_firmware:*:*:*:*:*:*:*:* | 3.3.23.6.9 (including) | |
| cpe:2.3:h:vonets:vap11s-5g:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:vonets:vap11s_firmware:*:*:*:*:*:*:*:* | 3.3.23.6.9 (including) |
To consult the complete list of CPE names with products and versions, see this page