CVE-2024-37023

Vonets WiFi Bridges Command Injection

Description

Multiple OS command injection vulnerabilities affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior, enable an authenticated remote attacker to execute arbitrary OS commands via various endpoint parameters.

Remediation

Workaround:

  • Vonets has not responded to requests to work with CISA to mitigate these vulnerabilities. Users of the affected products are encouraged to contact Vonets support https://usdhs-my.sharepoint.com/personal/grayson_gaylor_associates_cisa_dhs_gov1/_layouts/15/support@vonets.com for additional information.

Category

9.4
CVSS
Severity: Critical
CVSS 4.0 •
CVSS 3.1 •
EPSS 0.48%
Third-Party Advisory cisa.gov
Affected: Vonets VAR1200-H
Affected: Vonets VAR1200-L
Affected: Vonets VAR600-H
Affected: Vonets VAP11AC
Affected: Vonets VAP11G-500S
Affected: Vonets VBG1200
Affected: Vonets VAP11S-5G
Affected: Vonets VAP11S
Affected: Vonets VAR11N-300
Affected: Vonets VAP11G-300
Affected: Vonets VAP11N-300
Affected: Vonets VAP11G
Affected: Vonets VAP11G-500
Affected: Vonets VBG1200
Affected: Vonets VAP11AC
Affected: Vonets VGA-1000
Published at:
Updated at:

References

Link Tags
https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-08 third party advisory us government resource

Frequently Asked Questions

What is the severity of CVE-2024-37023?
CVE-2024-37023 has been scored as a critical severity vulnerability.
How to fix CVE-2024-37023?
As a workaround for remediating CVE-2024-37023: Vonets has not responded to requests to work with CISA to mitigate these vulnerabilities. Users of the affected products are encouraged to contact Vonets support https://usdhs-my.sharepoint.com/personal/grayson_gaylor_associates_cisa_dhs_gov1/_layouts/15/support@vonets.com for additional information.
Is CVE-2024-37023 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-37023 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-37023?
CVE-2024-37023 affects Vonets VAR1200-H, Vonets VAR1200-L, Vonets VAR600-H, Vonets VAP11AC, Vonets VAP11G-500S, Vonets VBG1200, Vonets VAP11S-5G, Vonets VAP11S, Vonets VAR11N-300, Vonets VAP11G-300, Vonets VAP11N-300, Vonets VAP11G, Vonets VAP11G-500, Vonets VBG1200, Vonets VAP11AC, Vonets VGA-1000.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.