PatchSiren

PatchSiren cyber security CVE debrief

CVE-2024-29082 Vonets CVE debrief

An Improper Access Control vulnerability in Vonets Industrial WiFi Bridge Relays and WiFi Bridge Repeaters allows unauthenticated remote attackers to bypass authentication and perform factory resets via unprotected goform endpoints. The vulnerability affects software versions 3.3.23.6.9 and prior across 14 distinct product models. CISA published this advisory on August 1, 2024, and noted that Vonets has not responded to requests to collaborate on mitigation.

Vendor: Vonets
Product: VAR1200-H
CVSS: HIGH 8.6
CISA KEV: Not listed in stored evidence
Original CVE published: 2024-08-01
Original CVE updated: 2024-08-01
Advisory published: 2024-08-01
Advisory updated: 2024-08-01

Who should care

Organizations deploying Vonets WiFi bridge relays and repeaters in industrial, enterprise, or operational technology environments; network administrators managing wireless infrastructure; security teams responsible for IoT/ICS device hardening; and procurement teams evaluating vendor security responsiveness.

Technical summary

The vulnerability exists in unprotected goform endpoints that fail to enforce authentication before processing sensitive administrative commands. An unauthenticated remote attacker can send crafted HTTP requests to these endpoints to trigger a factory reset, resulting in loss of availability and potential loss of confidentiality and integrity of device configuration. The attack requires no privileges, no user interaction, and is exploitable over the network with low attack complexity.

Defensive priority

HIGH

Recommended defensive actions

  • Contact Vonets support directly for security updates or mitigation guidance, as the vendor has not provided patches through coordinated disclosure
  • Segment affected Vonets devices from untrusted networks; restrict management interface access to dedicated administrative VLANs or jump hosts
  • Monitor for unauthorized factory reset events and unexpected device reconfigurations in network logs
  • Apply CISA's ICS recommended practices for network segmentation and defense-in-depth strategies for industrial control systems
  • Consider replacing affected devices if vendor support remains unresponsive and security patches are unavailable
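The segmentation and monitoring actions above can be checked against web access logs. The following Python script is an added example written for this debrief; it is not PatchSiren's or Vonets' code. It assumes a reverse proxy or the device itself writes Common Log Format lines with the authenticated user in the third field, that the management VLAN is 10.10.50.0/24, and that administrative endpoints live under the /goform/ prefix the advisory refers to. The log lines and the endpoint names in them are constructed placeholders, not real Vonets endpoints. Any /goform/ request arriving from outside the management network, or accepted with no authenticated user, is flagged.

```python
import ipaddress
import re
from typing import Dict, List, Optional

# Constructed sample access log (Common Log Format) for a Vonets management
# interface. Every line is made up for this example; the /goform/ paths are
# placeholders and are NOT real Vonets endpoint names.
SAMPLE_LOG = """\
10.10.50.5 - admin [01/Aug/2024:09:12:01 +0000] "GET /goform/formStatus HTTP/1.1" 200 512
203.0.113.7 - - [01/Aug/2024:09:15:44 +0000] "POST /goform/formPlaceholderReset HTTP/1.1" 200 0
10.10.50.5 - - [01/Aug/2024:09:16:02 +0000] "GET /index.html HTTP/1.1" 200 2048
198.51.100.23 - - [01/Aug/2024:09:17:30 +0000] "POST /goform/formPlaceholderApply HTTP/1.1" 200 0
10.10.50.9 - - [01/Aug/2024:09:18:11 +0000] "POST /goform/formPlaceholderApply HTTP/1.1" 401 0
"""

# Assumed management VLAN. Nothing outside it should reach /goform/ at all.
MGMT_NETWORKS = [ipaddress.ip_network("10.10.50.0/24")]

# Common Log Format: src ident user [timestamp] "METHOD path proto" status bytes
CLF_RE = re.compile(
    r'^(?P<src>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+$'
)


def parse_clf(line: str) -> Optional[Dict[str, str]]:
    """Return the fields of one CLF line, or None if the line does not parse."""
    m = CLF_RE.match(line)
    return m.groupdict() if m else None


def is_management_source(ip: str) -> bool:
    """True if the source address belongs to an allowed management network."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in MGMT_NETWORKS)


def find_suspicious_goform_requests(log_text: str) -> List[Dict]:
    """Flag /goform/ requests that came from outside the management VLAN, or that
    were accepted (2xx) with no authenticated user in the log's user field.
    A request the device rejected (e.g. 401) from inside the VLAN is not flagged."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_clf(line)
        if not rec or not rec["path"].startswith("/goform/"):
            continue
        reasons = []
        if not is_management_source(rec["src"]):
            reasons.append("source outside management VLAN")
        if rec["user"] == "-" and rec["status"].startswith("2"):
            reasons.append("unauthenticated request accepted")
        if reasons:
            findings.append({**rec, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in find_suspicious_goform_requests(SAMPLE_LOG):
        print(f'{f["ts"]} {f["src"]} {f["method"]} {f["path"]} -> {"; ".join(f["reasons"])}')
```

On the constructed sample this reports the two requests from 203.0.113.7 and 198.51.100.23 and stays quiet about the authenticated admin session and the rejected (401) request from inside the VLAN. In a real deployment the "unauthenticated request accepted" rule only works if the logging layer actually records the authenticated user; if it does not, the network-origin rule is the one to rely on, which is exactly why the segmentation action above matters.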

Evidence notes

The vulnerability is documented in CISA CSAF advisory ICSA-24-214-08, which identifies 16 affected product configurations across 14 Vonets WiFi bridge and repeater models. The advisory explicitly states that Vonets has not responded to CISA requests to work on mitigation. The CVSS 3.1 vector AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H yields a base score of 8.6 (HIGH).

Official resources

CISA published advisory ICSA-24-214-08 on August 1, 2024, disclosing this vulnerability after Vonets failed to respond to coordination requests.