CVE-2024-41936

Vonets WiFi Bridges Path Traversal

Description

A directory traversal vulnerability affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior, enables an unauthenticated remote attacker to read arbitrary files and bypass authentication.

Remediation

Workaround:

  • Vonets has not responded to requests to work with CISA to mitigate these vulnerabilities. Users of the affected products are encouraged to contact Vonets support https://usdhs-my.sharepoint.com/personal/grayson_gaylor_associates_cisa_dhs_gov1/_layouts/15/support@vonets.com for additional information.

Category

8.7
CVSS
Severity: High
CVSS 4.0 •
CVSS 3.1 •
EPSS 0.94% Top 25%
Third-Party Advisory cisa.gov
Affected: Vonets VAR1200-H
Affected: Vonets VAR1200-L
Affected: Vonets VAR600-H
Affected: Vonets VAP11AC
Affected: Vonets VAP11G-500S
Affected: Vonets VBG1200
Affected: Vonets VAP11S-5G
Affected: Vonets VAP11S
Affected: Vonets VAR11N-300
Affected: Vonets VAP11G-300
Affected: Vonets VAP11N-300
Affected: Vonets VAP11G
Affected: Vonets VAP11G-500
Affected: Vonets VBG1200
Affected: Vonets VAP11AC
Affected: Vonets VGA-1000
Published at:
Updated at:

References

Link Tags
https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-08 third party advisory us government resource

Frequently Asked Questions

What is the severity of CVE-2024-41936?
CVE-2024-41936 has been scored as a high severity vulnerability.
How to fix CVE-2024-41936?
As a workaround for remediating CVE-2024-41936: Vonets has not responded to requests to work with CISA to mitigate these vulnerabilities. Users of the affected products are encouraged to contact Vonets support https://usdhs-my.sharepoint.com/personal/grayson_gaylor_associates_cisa_dhs_gov1/_layouts/15/support@vonets.com for additional information.
Is CVE-2024-41936 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-41936 is being actively exploited. According to its EPSS score, there is a ~1% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-41936?
CVE-2024-41936 affects Vonets VAR1200-H, Vonets VAR1200-L, Vonets VAR600-H, Vonets VAP11AC, Vonets VAP11G-500S, Vonets VBG1200, Vonets VAP11S-5G, Vonets VAP11S, Vonets VAR11N-300, Vonets VAP11G-300, Vonets VAP11N-300, Vonets VAP11G, Vonets VAP11G-500, Vonets VBG1200, Vonets VAP11AC, Vonets VGA-1000.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.