CRITICAL🇵🇱 Wersja polska

CVE-2024-39791

CVSS 10.0v4.0pub. 2024-08-12upd. 2024-08-20

Stack-based buffer overflow vulnerabilities affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior, enable an unauthenticated remote attacker to execute arbitrary code.

🤖 AI Analysis
How it works

The error is a stack-based buffer overflow, classified as CWE-121 and CWE-787 (out-of-bounds write). An attacker can send specially crafted data to the vulnerable device over the network without needing any credentials or user interaction. The buffer overflow allows overwriting data on the stack and taking control of the program execution flow, enabling arbitrary code execution.

Impact

An unauthenticated remote attacker can execute arbitrary code on the vulnerable device, which in practice means complete takeover of the device and potential access to the industrial network to which it is connected.

Mitigation & patch

Apply patches available from the manufacturer according to references. It is recommended to update the firmware to version 3.3.23.6.9 or higher. Until the patch is applied, restrict network access to Vonets devices by isolating them from untrusted networks through firewall or network segmentation, especially in industrial environments (ICS/OT).

Who is affected

Vonets VAR1200-H, VAR1200-L, and VAR600-H (firmware) in versions 3.3.23.6.9 and earlier; devices in the industrial WiFi bridge relay and WiFi bridge repeater categories.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Vonets Vap11ac

    HW
    Vonets
    wszystkie wersje
  • Vonets Vap11ac Firmware

    OS
    Vonets
    ≤ 3.3.23.6.9
  • Vonets Vap11g

    HW
    Vonets
    wszystkie wersje
  • Vonets Vap11g 300

    HW
    Vonets
    wszystkie wersje
  • Vonets Vap11g 300 Firmware

    OS
    Vonets
    ≤ 3.3.23.6.9
  • Vonets Vap11g 500

    HW
    Vonets
    wszystkie wersje
  • Vonets Vap11g 500 Firmware

    OS
    Vonets
    ≤ 3.3.23.6.9
  • Vonets Vap11g 500s

    HW
    Vonets
    wszystkie wersje
  • Vonets Vap11g 500s Firmware

    OS
    Vonets
    ≤ 3.3.23.6.9
  • Vonets Vap11g Firmware

    OS
    Vonets
    ≤ 3.3.23.6.9
  • Vonets Vap11n 300

    HW
    Vonets
    wszystkie wersje
  • Vonets Vap11n 300 Firmware

    OS
    Vonets
    ≤ 3.3.23.6.9
  • Vonets Vap11s

    HW
    Vonets
    wszystkie wersje
  • Vonets Vap11s 5g

    HW
    Vonets
    wszystkie wersje
  • Vonets Vap11s 5g Firmware

    OS
    Vonets
    ≤ 3.3.23.6.9
  • Vonets Vap11s Firmware

    OS
    Vonets
    ≤ 3.3.23.6.9
  • Vonets Var11n 300

    HW
    Vonets
    wszystkie wersje
  • Vonets Var11n 300 Firmware

    OS
    Vonets
    ≤ 3.3.23.6.9
  • Vonets Var1200 H

    HW
    Vonets
    wszystkie wersje
  • Vonets Var1200 H Firmware

    OS
    Vonets
    ≤ 3.3.23.6.9
  • Vonets Var1200 L

    HW
    Vonets
    wszystkie wersje
  • Vonets Var1200 L Firmware

    OS
    Vonets
    ≤ 3.3.23.6.9
  • Vonets Var600 H

    HW
    Vonets
    wszystkie wersje
  • Vonets Var600 H Firmware

    OS
    Vonets
    ≤ 3.3.23.6.9
  • Vonets Vbg1200

    HW
    Vonets
    wszystkie wersje
  • Vonets Vbg1200 Firmware

    OS
    Vonets
    ≤ 3.3.23.6.9
  • Vonets Vga 1000

    HW
    Vonets
    wszystkie wersje
  • Vonets Vga 1000 Firmware

    OS
    Vonets
    ≤ 3.3.23.6.9
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCEMemory
CWE
References

Related vulnerabilities

CVE-2024-39815CRITICAL9.4PL ✓ten sam produkt

Odmowa usługi w urządzeniach Vonets WiFi Bridge przez wadliwy HTTP request

CVE-2024-37023CRITICAL9.4PL ✓ten sam produkt

Command Injection w urządzeniach Vonets WiFi Bridge — zdalne wykonanie komend

CVE-2024-46329HIGH8.0ten sam produkt

VONETS VAP11G-300 v3.3.23.6.9 was discovered to contain a command injection vulnerability via the SystemComman...

CVE-2024-46328HIGH8.0ten sam produkt

VONETS VAP11G-300 v3.3.23.6.9 was discovered to contain hardcoded credentials for several different privileged...

CVE-2024-46330HIGH7.4ten sam produkt

VONETS VAP11G-300 v3.3.23.6.9 was discovered to contain a command injection vulnerability via the iptablesWebs...