PT-2024-5761 · Vonets · Vonets Industrial Wifi Bridge Relays+1
Wodzen
·
Published
2024-08-01
·
Updated
2024-08-20
·
CVE-2024-41161
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Vonets Industrial WiFi Bridge Relays and WiFi Bridge Repeaters versions 3.3.23.6.9 and prior
Description
The issue exists due to the presence of hard-coded credentials in the application code. This allows a remote attacker to bypass authentication using the hard-coded administrator credentials, which cannot be disabled.
Recommendations
For versions 3.3.23.6.9 and prior, update the software to a version that does not contain the hard-coded credentials vulnerability. As a temporary workaround, consider changing the default credentials on all devices to minimize the risk of exploitation. Restrict access to the administrator accounts to prevent unauthorized access until a patch is available.
Fix
Using Hardcoded Credentials
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Vonets Industrial Wifi Bridge Relays
Vonets Industrial Wifi Bridge Repeaters