CVE-2024-42001

Vonets WiFi Bridges Forced Browsing

Description

An improper authentication vulnerability affecting Vonets industrial WiFi bridge relays and WiFi bridge repeaters, software versions 3.3.23.6.9 and prior, enables an unauthenticated remote attacker to bypass authentication via a specially crafted direct request when another user has an active session.

Remediation

Workaround:

  • Vonets has not responded to requests to work with CISA to mitigate these vulnerabilities. Users of the affected products are encouraged to contact Vonets support (support@vonets.com) for additional information.

Category

CVSS: 6.1
Severity: Medium
EPSS 0.37%
Third-Party Advisory cisa.gov
Affected: Vonets VAR1200-H
Affected: Vonets VAR1200-L
Affected: Vonets VAR600-H
Affected: Vonets VAP11AC
Affected: Vonets VAP11G-500S
Affected: Vonets VBG1200
Affected: Vonets VAP11S-5G
Affected: Vonets VAP11S
Affected: Vonets VAR11N-300
Affected: Vonets VAP11G-300
Affected: Vonets VAP11N-300
Affected: Vonets VAP11G
Affected: Vonets VAP11G-500
Affected: Vonets VGA-1000

References

https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-08 (third-party advisory, US government resource)

Frequently Asked Questions

What is the severity of CVE-2024-42001?
CVE-2024-42001 has been scored as a medium severity vulnerability.
How to fix CVE-2024-42001?
As a workaround for remediating CVE-2024-42001: Vonets has not responded to requests to work with CISA to mitigate these vulnerabilities. Users of the affected products are encouraged to contact Vonets support (support@vonets.com) for additional information.
Is CVE-2024-42001 being actively exploited in the wild?
As of now, there is no information to confirm that CVE-2024-42001 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-42001?
CVE-2024-42001 affects Vonets VAR1200-H, Vonets VAR1200-L, Vonets VAR600-H, Vonets VAP11AC, Vonets VAP11G-500S, Vonets VBG1200, Vonets VAP11S-5G, Vonets VAP11S, Vonets VAR11N-300, Vonets VAP11G-300, Vonets VAP11N-300, Vonets VAP11G, Vonets VAP11G-500, Vonets VGA-1000.