CVE-2024-37023

high-risk

Published 2024-08-12

Multiple OS command injection vulnerabilities affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior, enable an authenticated remote attacker to execute arbitrary OS commands via various endpoint parameters.

Do I need to act?

0.69% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 9.1/10 Critical

NETWORK / LOW complexity

Affected Products (14)

Var1200-H Firmware

Var1200-L Firmware

Var600-H Firmware

Vap11Ac Firmware

Vap11G-500S Firmware

Vbg1200 Firmware

Vap11S-5G Firmware

Vap11S Firmware

Var11N-300 Firmware

Vap11G-300 Firmware

Vap11N-300 Firmware

Vap11G Firmware

Vap11G-500 Firmware

Vga-1000 Firmware

Affected Vendors

Vonets

References (1)

Third Party Advisory https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-08

/ 100

high-risk

Severity 31/34 · Critical

Exploitability 2/34 · Minimal

Exposure 18/34 · Moderate