CVE-2024-29082

moderate-risk

Published 2024-08-12

Improper access control vulnerability affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior, enables an unauthenticated remote attacker to bypass authentication and factory reset the device via unprotected goform endpoints.

Do I need to act?

0.09% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 8.6/10 High

NETWORK / LOW complexity

Affected Products (14)

Var1200-H Firmware

Var1200-L Firmware

Var600-H Firmware

Vap11Ac Firmware

Vap11G-500S Firmware

Vbg1200 Firmware

Vap11S-5G Firmware

Vap11S Firmware

Var11N-300 Firmware

Vap11G-300 Firmware

Vap11N-300 Firmware

Vap11G Firmware

Vap11G-500 Firmware

Vga-1000 Firmware

Affected Vendors

Vonets

References (1)

Third Party Advisory https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-08

/ 100

moderate-risk

Severity 29/34 · Critical

Exploitability 0/34 · Minimal

Exposure 18/34 · Moderate