CVE-2024-39815

Improper check or handling of exceptional conditions vulnerability affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior, enable an unauthenticated remote attacker to cause a denial of service. A specially-crafted HTTP request to pre-authentication resources can crash the service.
References
Link Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-08 Third Party Advisory US Government Resource
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:vonets:var1200-h_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:vonets:var1200-h:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:vonets:var1200-l_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:vonets:var1200-l:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:vonets:var600-h_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:vonets:var600-h:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:vonets:vap11ac_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:vonets:vap11ac:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:vonets:vap11g-500s_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:vonets:vap11g-500s:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:vonets:vbg1200_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:vonets:vbg1200:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:vonets:vap11s-5g_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:vonets:vap11s-5g:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:vonets:vap11s_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:vonets:vap11s:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:vonets:var11n-300_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:vonets:var11n-300:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:vonets:vap11g-300_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:vonets:vap11g-300:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:vonets:vap11n-300_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:vonets:vap11n-300:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:vonets:vap11g_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:vonets:vap11g:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:vonets:vap11g-500_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:vonets:vap11g-500:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:vonets:vga-1000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:vonets:vga-1000:-:*:*:*:*:*:*:*

History

20 Aug 2024, 17:14

Type Values Removed Values Added
References () https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-08 - () https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-08 - Third Party Advisory, US Government Resource
CWE NVD-CWE-noinfo
CPE cpe:2.3:o:vonets:vap11s_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:vonets:vap11g:-:*:*:*:*:*:*:*
cpe:2.3:o:vonets:vap11s-5g_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:vonets:vap11ac:-:*:*:*:*:*:*:*
cpe:2.3:h:vonets:vap11s-5g:-:*:*:*:*:*:*:*
cpe:2.3:o:vonets:var1200-h_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:vonets:vbg1200_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:vonets:vap11g-300_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:vonets:vbg1200:-:*:*:*:*:*:*:*
cpe:2.3:h:vonets:vap11n-300:-:*:*:*:*:*:*:*
cpe:2.3:h:vonets:var1200-h:-:*:*:*:*:*:*:*
cpe:2.3:o:vonets:vap11n-300_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:vonets:vga-1000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:vonets:vap11s:-:*:*:*:*:*:*:*
cpe:2.3:o:vonets:vap11g-500_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:vonets:var11n-300:-:*:*:*:*:*:*:*
cpe:2.3:o:vonets:var1200-l_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:vonets:vap11g-500s:-:*:*:*:*:*:*:*
cpe:2.3:h:vonets:vap11g-300:-:*:*:*:*:*:*:*
cpe:2.3:h:vonets:var1200-l:-:*:*:*:*:*:*:*
cpe:2.3:o:vonets:vap11g_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:vonets:vap11g-500:-:*:*:*:*:*:*:*
cpe:2.3:o:vonets:vap11g-500s_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:vonets:vga-1000:-:*:*:*:*:*:*:*
cpe:2.3:o:vonets:vap11ac_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:vonets:var11n-300_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:vonets:var600-h_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:vonets:var600-h:-:*:*:*:*:*:*:*
Summary
  • (es) La verificación o el manejo inadecuados de la vulnerabilidad de condiciones excepcionales que afectan a los relés de puente wifi industriales y a los repetidores de puente wifi de Vonets, versiones de software 3.3.23.6.9 y anteriores, permiten que un atacante remoto no autenticado provoque una denegación de servicio. Una solicitud HTTP especialmente manipulada para recursos de autenticación previa puede bloquear el servicio.
CVSS v2 : unknown
v3 : 9.1
v2 : unknown
v3 : 7.5
First Time Vonets vga-1000
Vonets vga-1000 Firmware
Vonets vap11g
Vonets vap11ac Firmware
Vonets var1200-l
Vonets vbg1200
Vonets var600-h Firmware
Vonets vap11s-5g
Vonets vap11n-300
Vonets vap11g-500s
Vonets vap11ac
Vonets vap11n-300 Firmware
Vonets vbg1200 Firmware
Vonets var600-h
Vonets vap11g-300 Firmware
Vonets vap11g-500
Vonets vap11g-500s Firmware
Vonets var1200-h Firmware
Vonets vap11g-300
Vonets var1200-l Firmware
Vonets var1200-h
Vonets vap11g-500 Firmware
Vonets vap11s Firmware
Vonets
Vonets vap11s-5g Firmware
Vonets var11n-300
Vonets vap11s
Vonets vap11g Firmware
Vonets var11n-300 Firmware

12 Aug 2024, 13:41

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-12 13:38

Updated : 2024-08-20 17:14


NVD link : CVE-2024-39815

Mitre link : CVE-2024-39815

CVE.ORG link : CVE-2024-39815


JSON object : View

Products Affected

vonets

  • var11n-300
  • var1200-l
  • vap11g
  • vbg1200_firmware
  • vap11ac
  • vga-1000
  • var1200-h
  • vga-1000_firmware
  • vap11g-300
  • vap11g_firmware
  • vap11s_firmware
  • vap11g-300_firmware
  • var600-h
  • vap11g-500s_firmware
  • var1200-l_firmware
  • var600-h_firmware
  • vap11s
  • var11n-300_firmware
  • vap11g-500s
  • vap11g-500
  • var1200-h_firmware
  • vbg1200
  • vap11n-300_firmware
  • vap11ac_firmware
  • vap11s-5g
  • vap11g-500_firmware
  • vap11s-5g_firmware
  • vap11n-300
CWE
NVD-CWE-noinfo CWE-703

Improper Check or Handling of Exceptional Conditions