Skip to main content

Vap11G 300 Firmware CVE-2024-46327

MEDIUM
Path Traversal (CWE-22)
2024-09-26 cve@mitre.org
5.7
CVSS 3.1 · Vendor: mitre
Share

Severity by source

Vendor (mitre) PRIMARY
5.7 MEDIUM
AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Primary rating from Vendor (mitre) · only source for this CVE.

CVSS VectorVendor: mitre

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Sep 26, 2024 - 14:15 cve.org
MEDIUM 5.7

DescriptionCVE.org

An issue in the Http_handle object of VONETS VAP11G-300 v3.3.23.6.9 allows attackers to access sensitive files via a directory traversal.

AnalysisAI

An issue in the Http_handle object of VONETS VAP11G-300 v3.3.23.6.9 allows attackers to access sensitive files via a directory traversal. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Path Traversal (CWE-22), which allows attackers to access files and directories outside the intended path. An issue in the Http_handle object of VONETS VAP11G-300 v3.3.23.6.9 allows attackers to access sensitive files via a directory traversal. Affected products include: Vonets Vap11G-300 Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate and canonicalize file paths. Use chroot or sandboxing. Reject input containing path separators or '../' sequences.

CVE-2024-39791 CRITICAL
10.0 Aug 12

Stack-based buffer overflow vulnerabilities affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, so

CVE-2024-39815 CRITICAL
9.4 Aug 12

Improper check or handling of exceptional conditions vulnerability affecting Vonets industrial wifi bridge relays and wi

CVE-2024-37023 CRITICAL
9.4 Aug 12

Multiple OS command injection vulnerabilities affecting Vonets industrial wifi bridge relays and wifi bridge repeaters,

CVE-2024-29082 HIGH
8.8 Aug 12

Improper access control vulnerability affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software

CVE-2024-41936 HIGH
8.7 Aug 12

A directory traversal vulnerability affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software v

CVE-2024-41161 HIGH
8.7 Aug 08

Use of hard-coded credentials vulnerability affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, so

CVE-2024-46329 HIGH
8.0 Sep 26

VONETS VAP11G-300 v3.3.23.6.9 was discovered to contain a command injection vulnerability via the SystemCommand object.

CVE-2024-46328 HIGH
8.0 Sep 26

VONETS VAP11G-300 v3.3.23.6.9 was discovered to contain hardcoded credentials for several different privileged accounts,

CVE-2024-46330 HIGH
7.4 Sep 26

VONETS VAP11G-300 v3.3.23.6.9 was discovered to contain a command injection vulnerability via the iptablesWebsFilterRun

CVE-2024-42001 MEDIUM
6.1 Aug 12

An improper authentication vulnerability affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, softw

Share

CVE-2024-46327 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy