CVE-2024-41161 Vonets CVE debrief

Who should care

Operational technology security teams, industrial network administrators, critical infrastructure operators using Vonets wireless bridging equipment, and organizations with remote or distributed sites relying on these devices for network connectivity.

Technical summary

The vulnerability exists due to hard-coded administrator credentials embedded in Vonets firmware. An unauthenticated attacker with network access to the device's administrative interface can authenticate using these credentials, gaining full administrative control. The credentials cannot be changed or disabled through normal configuration means. Affected firmware versions 3.3.23.6.9 and prior span sixteen product models across multiple Vonets product lines including VAR1200-H/L, VAR600-H, VAP11AC, VAP11G variants, VAP11S variants, VAR11N-300, VAP11N-300, VBG1200, and VGA-1000.

Defensive priority

HIGH

Recommended defensive actions

• Contact Vonets support ([email protected]) to request security patch status and remediation timeline
• Inventory all Vonets VAR, VAP, VBG, and VGA series devices in operational technology environments
• Segment affected devices from untrusted networks; restrict administrative interface access to dedicated management VLANs
• Monitor for unauthorized administrative access attempts to device management interfaces
• Consider replacement of affected devices if vendor remediation is not forthcoming
• Apply CISA ICS recommended practices for defense-in-depth architecture
• Review network traffic for anomalous connections to Vonets device management ports

Evidence notes

CISA published advisory ICSA-24-214-08 on 2024-08-01 documenting hard-coded credentials in Vonets firmware versions 3.3.23.6.9 and prior. The vendor has not responded to CISA coordination requests. Sixteen product variants are affected across the VAR, VAP, VBG, and VGA product families.

Official resources