Detections
Analytics

CVE-2024-37023

critical

Description

Multiple OS command injection vulnerabilities affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior, enable an authenticated remote attacker to execute arbitrary OS commands via various endpoint parameters.

References

https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-08

https://securityonline.info/cisa-warns-critical-vulnerabilities-in-vonets-wifi-bridge-devices-no-patch-available

Details

Source: Mitre, NVD

Published: 2024-08-12

Updated: 2024-08-20

Risk Information

CVSS v2

Base Score: 9

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 9.9

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Severity: Critical

CVSS v4

Base Score: 9.4

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Severity: Critical

EPSS

EPSS: 0.0045