ГлавнаяУязвимости → CVE-2024-29082
8.6высокая

CVE-2024-29082

Описание

Improper access control vulnerability affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior, enables an unauthenticated remote attacker to bypass authentication and factory reset the device via unprotected goform endpoints.

Затрагиваемое ПО
Vonets Var1200-h firmwareVonets Var1200-hVonets Var1200-l firmwareVonets Var1200-lVonets Var600-h firmwareVonets Var600-hVonets Vap11ac firmwareVonets Vap11acVonets Vap11g-500s firmwareVonets Vap11g-500sVonets Vbg1200 firmwareVonets Vbg1200Vonets Vap11s-5g firmwareVonets Vap11s-5gVonets Vap11s firmwareVonets Vap11sVonets Var11n-300 firmwareVonets Var11n-300Vonets Vap11g-300 firmwareVonets Vap11g-300Vonets Vap11n-300 firmwareVonets Vap11n-300Vonets Vap11g firmwareVonets Vap11gVonets Vap11g-500 firmware
CVSS
Балл8.6 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
Источники
https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-08