PatchSiren cyber security CVE debrief
CVE-2024-37023 Vonets CVE debrief
Multiple OS command injection vulnerabilities in Vonets Industrial WiFi Bridge Relays and WiFi Bridge Repeaters allow authenticated remote attackers to execute arbitrary OS commands via various endpoint parameters. The vulnerability affects software versions 3.3.23.6.9 and prior across 14 product models. CISA published this advisory on August 1, 2024, and assigned a CVSS 3.1 score of 9.1 (Critical). Vonets has not responded to CISA's requests to coordinate mitigation; users must contact Vonets support directly for assistance.
- Vendor
- Vonets
- Product
- VAR1200-H
- CVSS
- CRITICAL 9.1
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2024-08-01
- Original CVE updated
- 2024-08-01
- Advisory published
- 2024-08-01
- Advisory updated
- 2024-08-01
Who should care
Organizations deploying Vonets WiFi bridge devices in industrial, enterprise, or operational technology environments should prioritize assessment and mitigation. Network administrators responsible for wireless infrastructure, OT security teams managing industrial wireless bridges, and security operations centers monitoring for anomalous device behavior have direct stake in addressing this vulnerability. Organizations with remote or unmanned sites relying on these devices for connectivity face elevated risk due to limited physical oversight capabilities.
Technical summary
CVE-2024-37023 encompasses multiple OS command injection vulnerabilities in Vonets Industrial WiFi Bridge Relays and WiFi Bridge Repeaters. The vulnerabilities exist in software versions 3.3.23.6.9 and prior. An authenticated remote attacker can exploit these flaws by sending crafted requests with malicious parameters to various device endpoints, resulting in arbitrary OS command execution on the underlying system. The attack requires network access to the device and valid authentication credentials. The CVSS 3.1 score of 9.1 reflects critical severity due to complete compromise of confidentiality, integrity, and availability, with changed scope indicating potential impact beyond the vulnerable component. CISA's advisory notes that Vonets has not engaged with coordinated vulnerability disclosure efforts, leaving users without official vendor patches at time of publication.
Defensive priority
critical
Recommended defensive actions
- Contact Vonets support ([email protected]) to request security patches or mitigation guidance for affected devices
- Inventory all Vonets WiFi bridge devices in your environment and identify those running firmware version 3.3.23.6.9 or earlier
- Restrict network access to Vonets device management interfaces to authorized administrative hosts only
- Monitor for unauthorized configuration changes or suspicious network activity from Vonets devices
- Consider network segmentation to isolate affected devices from critical operational technology networks
- Apply CISA's ICS recommended practices for defense-in-depth strategies
- Review and strengthen authentication controls for device management access
Evidence notes
CISA advisory ICSA-24-214-08 documents multiple OS command injection vulnerabilities in Vonets WiFi bridge products. The advisory states Vonets has not responded to requests to work with CISA on mitigation. Affected versions are 3.3.23.6.9 and prior. The CVSS 3.1 vector is AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H, indicating network attack vector, low complexity, high privileges required, no user interaction, changed scope, and high impact across confidentiality, integrity, and availability.
Official resources
-
CVE-2024-37023 CVE record
CVE.org
-
CVE-2024-37023 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2024-08-01