CVE-2024-39815

Description

Improper check or handling of exceptional conditions vulnerability affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior, enable an unauthenticated remote attacker to cause a denial of service. A specially-crafted HTTP request to pre-authentication resources can crash the service.

CVSS v3.1 Score

9.1

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Weakness Type (CWE)

CWE-703 CWE-703

Affected Products

Vendor	Product	Versions
vonets	var1200-h_firmware	< 3.3.23.6.9
vonets	var1200-h	All
vonets	var1200-l_firmware	< 3.3.23.6.9
vonets	var1200-l	All
vonets	var600-h_firmware	< 3.3.23.6.9
vonets	var600-h	All
vonets	vap11ac_firmware	< 3.3.23.6.9
vonets	vap11ac	All
vonets	vap11g-500s_firmware	< 3.3.23.6.9
vonets	vap11g-500s	All
vonets	vbg1200_firmware	< 3.3.23.6.9
vonets	vbg1200	All
vonets	vap11s-5g_firmware	< 3.3.23.6.9
vonets	vap11s-5g	All
vonets	vap11s_firmware	< 3.3.23.6.9
vonets	vap11s	All
vonets	var11n-300_firmware	< 3.3.23.6.9
vonets	var11n-300	All
vonets	vap11g-300_firmware	< 3.3.23.6.9
vonets	vap11g-300	All
vonets	vap11n-300_firmware	< 3.3.23.6.9
vonets	vap11n-300	All
vonets	vap11g_firmware	< 3.3.23.6.9
vonets	vap11g	All
vonets	vap11g-500_firmware	< 3.3.23.6.9
vonets	vap11g-500	All
vonets	vga-1000_firmware	< 3.3.23.6.9
vonets	vga-1000	All

References

Other References

https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-08

Frequently Asked Questions

What is CVE-2024-39815? +

Improper check or handling of exceptional conditions vulnerability affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior, enable an unauthenticated remote attacker to cause a denial of service. A specially-crafted HTTP request to pre-authentication resources can crash the service. It has a CVSS v3.1 base score of 9.1 (CRITICAL).

How severe is CVE-2024-39815? +

CVE-2024-39815 has a CVSS v3.1 score of 9.1 out of 10, rated CRITICAL. This is a critical vulnerability that should be patched immediately.

What products are affected by CVE-2024-39815? +

CVE-2024-39815 affects products from vonets, specifically: vap11ac, vap11ac_firmware, vap11g, vap11g-300, vap11g-300_firmware, vap11g-500, vap11g-500_firmware, vap11g-500s, vap11g-500s_firmware, vap11g_firmware, vap11n-300, vap11n-300_firmware, vap11s, vap11s-5g, vap11s-5g_firmware, vap11s_firmware, var11n-300, var11n-300_firmware, var1200-h, var1200-h_firmware, var1200-l, var1200-l_firmware, var600-h, var600-h_firmware, vbg1200, vbg1200_firmware, vga-1000, vga-1000_firmware. Check the affected products table above for specific version ranges.

How do I check if I'm vulnerable to CVE-2024-39815? +

You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

CVE-2025-24371

CometBFT is a distributed, Byzantine fault-tolerant, deterministic state machine replication engine. In the `blocksync` protocol peers send their `base` and …

CVE-2025-13021 9.8

Incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 145 and Thunderbird 145.

CVE-2025-13023 9.8

Sandbox escape due to incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 145 and …

CVE-2024-21894 9.8

A heap overflow vulnerability in IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated …

CVE-2025-13022 9.8