VonetsCVEs & Vulnerabilities

11 CVEs affecting Vonets products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.

Most Affected Products

vap11g-300 firmware 11vap11g-300 11vap11g 7vap11g-500s 7vap11g-500 7vap11g-500 firmware 7vap11ac firmware 7vap11ac 7
CVE-2024-46330HIGH

VONETS VAP11G-300 v3.3.23.6.9 was discovered to contain a command injection vulnerability via the iptablesWebsFilterRun object.

26 Sep 2024
7.4
CVSS
CVE-2024-46329HIGH

VONETS VAP11G-300 v3.3.23.6.9 was discovered to contain a command injection vulnerability via the SystemCommand object.

26 Sep 2024
8.0
CVSS
CVE-2024-46328HIGH

VONETS VAP11G-300 v3.3.23.6.9 was discovered to contain hardcoded credentials for several different privileged accounts, including root.

26 Sep 2024
8.0
CVSS
CVE-2024-46327MEDIUM

An issue in the Http_handle object of VONETS VAP11G-300 v3.3.23.6.9 allows attackers to access sensitive files via a directory traversal.

26 Sep 2024
5.7
CVSS
CVE-2024-42001CRITICAL

An improper authentication vulnerability affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior enables an unauthenticated remote attacker to bypass authentication via a specially crafted direct request when another user has an active session.

12 Aug 2024
9.8
CVSS
CVE-2024-41936HIGH

A directory traversal vulnerability affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior, enables an unauthenticated remote attacker to read arbitrary files and bypass authentication.

12 Aug 2024
7.5
CVSS
CVE-2024-39815HIGH

Improper check or handling of exceptional conditions vulnerability affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior, enable an unauthenticated remote attacker to cause a denial of service. A specially-crafted HTTP request to pre-authentication resources can crash the service.

12 Aug 2024
7.5
CVSS
CVE-2024-39791CRITICAL

Stack-based buffer overflow vulnerabilities affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior, enable an unauthenticated remote attacker to execute arbitrary code.

12 Aug 2024
9.8
CVSS
CVE-2024-37023CRITICAL

Multiple OS command injection vulnerabilities affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior, enable an authenticated remote attacker to execute arbitrary OS commands via various endpoint parameters.

12 Aug 2024
9.9
CVSS
CVE-2024-29082HIGH

Improper access control vulnerability affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior, enables an unauthenticated remote attacker to bypass authentication and factory reset the device via unprotected goform endpoints.

12 Aug 2024
8.6
CVSS
CVE-2024-41161CRITICAL

Use of hard-coded credentials vulnerability affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior, enables an unauthenticated remote attacker to bypass authentication using hard-coded administrator credentials. These accounts cannot be disabled.

8 Aug 2024
9.8
CVSS
← PrevPage 1 / 1Next →