9.1критическая
CVE-2024-37023
Описание
Multiple OS command injection vulnerabilities affecting Vonets
industrial wifi bridge relays and wifi bridge repeaters, software
versions 3.3.23.6.9 and prior, enable an authenticated remote attacker
to execute arbitrary OS commands via various endpoint parameters.
Затрагиваемое ПО
Vonets Var1200-h firmwareVonets Var1200-hVonets Var1200-l firmwareVonets Var1200-lVonets Var600-h firmwareVonets Var600-hVonets Vap11ac firmwareVonets Vap11acVonets Vap11g-500s firmwareVonets Vap11g-500sVonets Vbg1200 firmwareVonets Vbg1200Vonets Vap11s-5g firmwareVonets Vap11s-5gVonets Vap11s firmwareVonets Vap11sVonets Var11n-300 firmwareVonets Var11n-300Vonets Vap11g-300 firmwareVonets Vap11g-300Vonets Vap11n-300 firmwareVonets Vap11n-300Vonets Vap11g firmwareVonets Vap11gVonets Vap11g-500 firmware
CVSS
| Балл | 9.1 — критическая |
| Вектор | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H |
Источники
https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-08