ГлавнаяУязвимости → CVE-2024-42001
8.6высокая

CVE-2024-42001

Описание

An improper authentication vulnerability affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior enables an unauthenticated remote attacker to bypass authentication via a specially crafted direct request when another user has an active session.

Затрагиваемое ПО
Vonets Var1200-h firmwareVonets Var1200-hVonets Var1200-l firmwareVonets Var1200-lVonets Var600-h firmwareVonets Var600-hVonets Vap11ac firmwareVonets Vap11acVonets Vap11g-500s firmwareVonets Vap11g-500sVonets Vbg1200 firmwareVonets Vbg1200Vonets Vap11s-5g firmwareVonets Vap11s-5gVonets Vap11s firmwareVonets Vap11sVonets Var11n-300 firmwareVonets Var11n-300Vonets Vap11g-300 firmwareVonets Vap11g-300Vonets Vap11n-300 firmwareVonets Vap11n-300Vonets Vap11g firmwareVonets Vap11gVonets Vap11g-500 firmware
CVSS
Балл8.6 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
Источники
https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-08