CVE-2024-42001

MEDIUM Year: 2024
CVSS v3 Score
9.8
Critical
Weakness Type
CWE-425
View all →

Vulnerability Description

An improper authentication vulnerability affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior enables an unauthenticated remote attacker to bypass authentication via a specially crafted direct request when another user has an active session.

Related Vulnerabilities

CVE-2017-14244

CRITICAL
CVSS:9.8(Critical)

An authentication bypass vulnerability on iBall Baton ADSL2+ Home Router FW_iB-LR7011A_1.0.2 devices potentially allows attackers to directly access administrative router settings by crafting URLs wit...

CWE-4252017

CVE-2017-17736

CRITICAL
CVSS:9.8(Critical)

Kentico 9.0 before 9.0.51 and 10.0 before 10.0.48 allows remote attackers to obtain Global Administrator access by visiting CMSInstall/install.aspx and then navigating to the CMS Administration Dashbo...

CWE-4252017

CVE-2018-18922

CRITICAL
CVSS:9.8(Critical)

add_user in AbiSoft Ticketly 1.0 allows remote attackers to create administrator accounts via an action/add_user.php POST request.

CWE-4252018

CVE-2018-19207

CRITICAL
CVSS:9.8(Critical)

The Van Ons WP GDPR Compliance (aka wp-gdpr-compliance) plugin before 1.4.3 for WordPress allows remote attackers to execute arbitrary code because $wpdb->prepare() input is mishandled, as exploited i...

CWE-4252018

CVE-2018-6624

CRITICAL
CVSS:9.8(Critical)

OMRON NS devices 1.1 through 1.3 allow remote attackers to bypass authentication via a direct request to the .html file for a specific screen, as demonstrated by monitor.html.

CWE-4252018

CVE-2019-12768

CRITICAL
CVSS:9.8(Critical)

An issue was discovered on D-Link DAP-1650 devices through v1.03b07 before 1.04B02_J65H Hot Fix. Attackers can bypass authentication via forceful browsing.

CWE-4252019