MidnightBSD

Advisories for vonets

CVE-2024-46327

An issue in the Http_handle object of VONETS VAP11G-300 v3.3.23.6.9 allows attackers to access sensitive files via a directory traversal.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.7 MEDIUM CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.1 3.6

Products Affected

Vendor Product Version
vonets vap11g-300_firmware 3.3.23.6.9
CVE-2024-46328

VONETS VAP11G-300 v3.3.23.6.9 was discovered to contain hardcoded credentials for several different privileged accounts, including root.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.0 HIGH CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.1 5.9

Products Affected

Vendor Product Version
vonets vap11g-300_firmware 3.3.23.6.9
CVE-2024-46329

VONETS VAP11G-300 v3.3.23.6.9 was discovered to contain a command injection vulnerability via the SystemCommand object.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.0 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.1 5.9

Products Affected

Vendor Product Version
vonets vap11g-300_firmware 3.3.23.6.9
CVE-2024-46330

VONETS VAP11G-300 v3.3.23.6.9 was discovered to contain a command injection vulnerability via the iptablesWebsFilterRun object.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.4 HIGH CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 1.5 5.9

Products Affected

Vendor Product Version
vonets vap11g-300_firmware 3.3.23.6.9