Описание
Use of hard-coded credentials vulnerability affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions
3.3.23.6.9 and prior, enables an unauthenticated remote attacker to
bypass authentication using hard-coded administrator credentials. These
accounts cannot be disabled.
Затрагиваемое ПО
Vonets Var1200-h firmwareVonets Var1200-hVonets Var1200-l firmwareVonets Var1200-lVonets Var600-h firmwareVonets Var600-hVonets Vap11ac firmwareVonets Vap11acVonets Vap11g-500s firmwareVonets Vap11g-500sVonets Vbg1200 firmwareVonets Vbg1200Vonets Vap11s-5g firmwareVonets Vap11s-5gVonets Vap11s firmwareVonets Vap11sVonets Var11n-300 firmwareVonets Var11n-300Vonets Vap11g-300 firmwareVonets Vap11g-300Vonets Vap11n-300 firmwareVonets Vap11n-300Vonets Vap11g firmwareVonets Vap11gVonets Vap11g-500 firmware
CVSS
| Балл | 7.5 — высокая |
| Вектор | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Источники
https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-08