CVE-2024-39815

CRITICAL

Vonets Var1200-h Firmware < 3.3.23.6.9 - Denial of Service

Title source: rule

Description

Improper check or handling of exceptional conditions vulnerability affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior, enable an unauthenticated remote attacker to cause a denial of service. A specially-crafted HTTP request to pre-authentication resources can crash the service.

References (1)

[Third Party Advisory, US Government Resource] https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-08

Scores

CVSS v3 9.1

EPSS 0.0078

EPSS Percentile 73.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-703

Status published

Products (14)

vonets/vap11ac_firmware < 3.3.23.6.9

vonets/vap11g-300_firmware < 3.3.23.6.9

vonets/vap11g-500_firmware < 3.3.23.6.9

vonets/vap11g-500s_firmware < 3.3.23.6.9

vonets/vap11g_firmware < 3.3.23.6.9

vonets/vap11n-300_firmware < 3.3.23.6.9

vonets/vap11s-5g_firmware < 3.3.23.6.9

vonets/vap11s_firmware < 3.3.23.6.9

vonets/var11n-300_firmware < 3.3.23.6.9

vonets/var1200-h_firmware < 3.3.23.6.9

... and 4 more

Published Aug 12, 2024

Tracked Since Feb 18, 2026