Vonets WiFi Bridges

Act Now10ICS-CERT ICSA-24-214-08Aug 1, 2024

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

Vonets WiFi bridges contain multiple critical vulnerabilities affecting models VAR1200-H, VAR1200-L, VAR600-H, VAP11AC, VAP11G-500S, VBG1200, VAP11S-5G, VAP11S, VAR11N-300, VAP11G-300, VAP11N-300, VAP11G, VAP11G-500, and VGA-1000 running firmware version 3.3.23.6.9 and earlier. The vulnerabilities include hardcoded credentials (CWE-798), insufficient access control (CWE-284), path traversal (CWE-22), command injection (CWE-77), improper error handling (CWE-703), stack-based buffer overflow (CWE-121), and race conditions (CWE-425). Exploitation could allow remote attackers to execute arbitrary code, disclose sensitive information, or cause denial-of-service conditions on the affected bridge devices.

What this means

What could happen

An attacker could remotely execute commands on your WiFi bridges, potentially gaining control over network connectivity for critical operational technology devices or causing service disruption. This could isolate SCADA systems, RTUs, or PLCs that depend on the bridge for communication.

Who's at risk

Water and electric utilities using Vonets WiFi bridges for connecting field devices, RTUs, remote sensors, or wireless access to SCADA systems. This includes all Vonets bridge models (VAR series, VAP series, VBG, VGA). Any organization using these devices as network infrastructure for OT systems should assess their deployment locations and accessibility.

How it could be exploited

An attacker on the network (or internet if the bridge is exposed) can exploit hardcoded credentials or other authentication weaknesses to access the bridge management interface. From there, command injection or buffer overflow flaws allow execution of arbitrary code with full device privileges, giving the attacker control over network traffic passing through the bridge or the ability to pivot into connected OT networks.

Prerequisites

Network access to the WiFi bridge (direct connection or reachable via IP network)
Knowledge of hardcoded credentials or exploitation of authentication bypass vulnerabilities
Access to bridge management interface (web UI or API) or local network to trigger command injection

Remotely exploitable over networkNo authentication required (hardcoded credentials)Low complexity attackNo patch available from vendorAffects network infrastructure supporting control systemsCVSS 10 (critical severity)

Exploitability

Moderate exploit probability (EPSS 3.2%)

Affected products (14)

14 EOL

ProductAffected VersionsFix Status

VAR1200-H: <=3.3.23.6.9≤ 3.3.23.6.9No fix (EOL)

VAR600-H: <=3.3.23.6.9≤ 3.3.23.6.9No fix (EOL)

VAR11N-300: <=3.3.23.6.9≤ 3.3.23.6.9No fix (EOL)

VAP11G-500: <=3.3.23.6.9≤ 3.3.23.6.9No fix (EOL)

VAR1200-L: <=3.3.23.6.9≤ 3.3.23.6.9No fix (EOL)

VAP11AC: <=3.3.23.6.9≤ 3.3.23.6.9No fix (EOL)

VAP11G-500S: <=3.3.23.6.9≤ 3.3.23.6.9No fix (EOL)

VBG1200: <=3.3.23.6.9≤ 3.3.23.6.9No fix (EOL)

Remediation & Mitigation

0/6

Do now

0/3

HARDENINGIsolate Vonets WiFi bridges from internet exposure—ensure they are not accessible from outside your facility network and block inbound traffic to bridge management ports from untrusted networks.

HARDENINGPlace all WiFi bridges behind a firewall and on a physically or logically segmented network separate from business IT systems and the internet.

WORKAROUNDDisable remote management access (web UI, SSH, Telnet) on WiFi bridges if not required for daily operations; if required, restrict access to specific authorized workstations only.

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

HARDENINGMonitor for and block unexpected configuration changes, user access attempts, or traffic patterns on affected WiFi bridges using network monitoring tools.

WORKAROUNDContact Vonets support to inquire about updated firmware versions or timeline for security patches; do not wait passively.

Mitigations - no patch available

0/1

The following products have reached End of Life with no planned fix: VAR1200-H: <=3.3.23.6.9, VAR600-H: <=3.3.23.6.9, VAR11N-300: <=3.3.23.6.9, VAP11G-500: <=3.3.23.6.9, VAR1200-L: <=3.3.23.6.9, VAP11AC: <=3.3.23.6.9, VAP11G-500S: <=3.3.23.6.9, VBG1200: <=3.3.23.6.9, VAP11S-5G: <=3.3.23.6.9, VAP11S: <=3.3.23.6.9, VAP11G-300: <=3.3.23.6.9, VAP11N-300: <=3.3.23.6.9, VAP11G: <=3.3.23.6.9, VGA-1000: <=3.3.23.6.9. Apply the following compensating controls:

HARDENINGEvaluate replacement of affected Vonets bridges with alternative WiFi bridge products from vendors with active security support and patching practices.

CVEs (7)

CVE-2024-41161 CVE-2024-29082 CVE-2024-41936 CVE-2024-37023 CVE-2024-39815 CVE-2024-39791 CVE-2024-42001

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/b7a921d9-d876-4cb3-8335-58eaffbd1560