Stack-based buffer overflow vulnerabilities affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior, enable an unauthenticated remote attacker to execute arbitrary code.
The error is a stack-based buffer overflow, classified as CWE-121 and CWE-787 (out-of-bounds write). An attacker can send specially crafted data to the vulnerable device over the network without needing any credentials or user interaction. The buffer overflow allows overwriting data on the stack and taking control of the program execution flow, enabling arbitrary code execution.
An unauthenticated remote attacker can execute arbitrary code on the vulnerable device, which in practice means complete takeover of the device and potential access to the industrial network to which it is connected.
Apply patches available from the manufacturer according to references. It is recommended to update the firmware to version 3.3.23.6.9 or higher. Until the patch is applied, restrict network access to Vonets devices by isolating them from untrusted networks through firewall or network segmentation, especially in industrial environments (ICS/OT).
Vonets VAR1200-H, VAR1200-L, and VAR600-H (firmware) in versions 3.3.23.6.9 and earlier; devices in the industrial WiFi bridge relay and WiFi bridge repeater categories.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XVonets Vap11ac
HWVonetswszystkie wersjeVonets Vap11ac Firmware
OSVonets≤ 3.3.23.6.9Vonets Vap11g
HWVonetswszystkie wersjeVonets Vap11g 300
HWVonetswszystkie wersjeVonets Vap11g 300 Firmware
OSVonets≤ 3.3.23.6.9Vonets Vap11g 500
HWVonetswszystkie wersjeVonets Vap11g 500 Firmware
OSVonets≤ 3.3.23.6.9Vonets Vap11g 500s
HWVonetswszystkie wersjeVonets Vap11g 500s Firmware
OSVonets≤ 3.3.23.6.9Vonets Vap11g Firmware
OSVonets≤ 3.3.23.6.9Vonets Vap11n 300
HWVonetswszystkie wersjeVonets Vap11n 300 Firmware
OSVonets≤ 3.3.23.6.9Vonets Vap11s
HWVonetswszystkie wersjeVonets Vap11s 5g
HWVonetswszystkie wersjeVonets Vap11s 5g Firmware
OSVonets≤ 3.3.23.6.9Vonets Vap11s Firmware
OSVonets≤ 3.3.23.6.9Vonets Var11n 300
HWVonetswszystkie wersjeVonets Var11n 300 Firmware
OSVonets≤ 3.3.23.6.9Vonets Var1200 H
HWVonetswszystkie wersjeVonets Var1200 H Firmware
OSVonets≤ 3.3.23.6.9Vonets Var1200 L
HWVonetswszystkie wersjeVonets Var1200 L Firmware
OSVonets≤ 3.3.23.6.9Vonets Var600 H
HWVonetswszystkie wersjeVonets Var600 H Firmware
OSVonets≤ 3.3.23.6.9Vonets Vbg1200
HWVonetswszystkie wersjeVonets Vbg1200 Firmware
OSVonets≤ 3.3.23.6.9Vonets Vga 1000
HWVonetswszystkie wersjeVonets Vga 1000 Firmware
OSVonets≤ 3.3.23.6.9
Related vulnerabilities
Odmowa usługi w urządzeniach Vonets WiFi Bridge przez wadliwy HTTP request
Command Injection w urządzeniach Vonets WiFi Bridge — zdalne wykonanie komend
VONETS VAP11G-300 v3.3.23.6.9 was discovered to contain a command injection vulnerability via the SystemComman...
VONETS VAP11G-300 v3.3.23.6.9 was discovered to contain hardcoded credentials for several different privileged...
VONETS VAP11G-300 v3.3.23.6.9 was discovered to contain a command injection vulnerability via the iptablesWebs...