Vonets: >> Vap11g-300 Firmware Security Vulnerabilities
An issue in the Http_handle object of VONETS VAP11G-300 v3.3.23.6.9 allows attackers to access sensitive files via a directory traversal.
CVSS Score
5.7
EPSS Score
0.001
Published
2024-09-26
VONETS VAP11G-300 v3.3.23.6.9 was discovered to contain hardcoded credentials for several different privileged accounts, including root.
CVSS Score
8.0
EPSS Score
0.001
Published
2024-09-26
VONETS VAP11G-300 v3.3.23.6.9 was discovered to contain a command injection vulnerability via the SystemCommand object.
CVSS Score
8.0
EPSS Score
0.002
Published
2024-09-26
VONETS VAP11G-300 v3.3.23.6.9 was discovered to contain a command injection vulnerability via the iptablesWebsFilterRun object.
CVSS Score
7.4
EPSS Score
0.002
Published
2024-09-26
An improper authentication vulnerability affecting Vonets
industrial wifi bridge relays and wifi bridge repeaters, software versions
3.3.23.6.9 and prior enables an unauthenticated remote attacker to
bypass authentication via a specially crafted direct request when
another user has an active session.
CVSS Score
8.6
EPSS Score
0.007
Published
2024-08-12
A directory traversal vulnerability affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9
and prior, enables an unauthenticated remote attacker to read arbitrary
files and bypass authentication.
CVSS Score
7.5
EPSS Score
0.009
Published
2024-08-12
Improper check or handling of exceptional conditions vulnerability
affecting Vonets
industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior, enable an unauthenticated
remote attacker to cause a denial of service. A specially-crafted
HTTP request to pre-authentication resources can crash the service.
CVSS Score
9.1
EPSS Score
0.004
Published
2024-08-12
Stack-based buffer overflow vulnerabilities affecting Vonets
industrial wifi bridge relays and wifi bridge repeaters, software versions
3.3.23.6.9 and prior, enable an unauthenticated remote attacker to
execute arbitrary code.
CVSS Score
10.0
EPSS Score
0.006
Published
2024-08-12
Multiple OS command injection vulnerabilities affecting Vonets
industrial wifi bridge relays and wifi bridge repeaters, software
versions 3.3.23.6.9 and prior, enable an authenticated remote attacker
to execute arbitrary OS commands via various endpoint parameters.
CVSS Score
9.1
EPSS Score
0.005
Published
2024-08-12
Improper access control vulnerability affecting Vonets
industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9
and prior, enables an unauthenticated remote attacker to bypass
authentication and factory reset the device via unprotected goform
endpoints.
CVSS Score
8.6
EPSS Score
0.002
Published
2024-08-12
Page 1