
CVE-2024-29082: Vonets VAR1200-H Auth Bypass Vulnerability

CVE-2024-29082 is an authentication bypass flaw in Vonets VAR1200-H firmware affecting versions 3.3.23.6.9 and earlier, allowing attackers to reset devices remotely. This article covers technical details, impact, and mitigations.


CVE-2024-29082 Overview

CVE-2024-29082 is an improper access control vulnerability [CWE-284] affecting Vonets industrial WiFi bridge relays and WiFi bridge repeaters running firmware version 3.3.23.6.9 and prior. The flaw exposes unprotected goform endpoints that do not enforce authentication checks. An unauthenticated remote attacker with network access to the device can invoke these endpoints to bypass authentication and trigger a factory reset of the device. Successful exploitation wipes device configuration and disrupts industrial WiFi connectivity. The vulnerability impacts a broad range of Vonets industrial models, including the VAR1200-H, VAR1200-L, VAR600-H, VBG1200, VAP11AC, VAP11G series, VAP11S series, VAR11N-300, and VGA-1000.

Critical Impact

Unauthenticated remote attackers can factory reset affected Vonets industrial WiFi bridges, causing loss of configuration and operational disruption.

Affected Products

  • Vonets VAR1200-H, VAR1200-L, VAR600-H industrial WiFi bridge relays (firmware 3.3.23.6.9 and prior)
  • Vonets VAP11AC, VAP11G-500S, VAP11G-300, VAP11G-500, VAP11G, VAP11N-300, VAP11S, VAP11S-5G WiFi bridge repeaters
  • Vonets VBG1200, VAR11N-300, VGA-1000 bridge devices

Discovery Timeline

  • 2024-08-12 - CVE-2024-29082 published to NVD
  • 2024-08-20 - Last updated in NVD database

Technical Details for CVE-2024-29082

Vulnerability Analysis

The vulnerability resides in the web management interface of affected Vonets WiFi bridge devices. The HTTP server exposes several goform endpoints that handle administrative operations, including factory reset functionality. These endpoints fail to validate session tokens or any authentication state before processing incoming requests. Any client capable of reaching the device on its management network can submit a request to the reset endpoint and force the device back to factory defaults.

Factory reset operations on industrial WiFi bridges erase wireless configuration, bridge mappings, static routes, and any operator-defined parameters. In operational technology (OT) deployments, this translates to immediate loss of connectivity between bridged industrial assets. Devices remain offline until administrators physically reconfigure them.

Root Cause

The root cause is missing authorization enforcement on sensitive goform HTTP handlers. The firmware accepts and processes administrative actions without verifying that the requester holds a valid authenticated session. This is a classic CWE-284 Improper Access Control flaw — the authentication mechanism exists for the web UI, but selected backend endpoints are not gated by it.

Attack Vector

Exploitation requires only network access to the device management interface. No user interaction or credentials are needed. An attacker sends a crafted HTTP request to the vulnerable goform factory-reset endpoint over the LAN or, where the management interface is exposed, the WAN. The device processes the request and returns to factory defaults. Refer to the CISA ICS Advisory ICSA-24-214-08 for the official advisory details.

Detection Methods for CVE-2024-29082

Indicators of Compromise

  • Unexpected factory reset events on Vonets bridge devices, evidenced by the loss of custom SSIDs and bridge configurations and the reappearance of default IP addresses
  • HTTP requests to /goform/ paths originating from untrusted internal hosts or external IP addresses
  • Sudden loss of connectivity from devices behind a Vonets bridge, followed by the bridge becoming reachable at its default management address

Detection Strategies

  • Monitor north-south and east-west traffic to industrial WiFi bridges for HTTP POST/GET requests targeting goform endpoints from unauthorized sources
  • Implement network baselining to alert when bridge device configurations revert to factory defaults
  • Correlate ICS/OT segment traffic logs with device availability metrics to identify abrupt configuration loss
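
The first strategy above, as an added example (not from the advisory or from Vonets): a filter over HTTP metadata from a passive sensor that flags /goform/ requests sent to a bridge by any source outside the administrative allowlist, normalising the path first so encoded or mixed-case variants are not missed. The log layout, IP addresses, allowlist and PLACEHOLDER endpoint names are assumptions constructed for illustration.

```python
import ipaddress
import posixpath
from urllib.parse import unquote

# Assumptions (not from the advisory): bridge addresses, admin allowlist, log layout.
BRIDGES = {ipaddress.ip_address("10.20.0.50"), ipaddress.ip_address("10.20.0.51")}
ADMIN_NETS = [ipaddress.ip_network("10.20.9.0/28")]

# Constructed sample records: "timestamp src dst method uri"
SAMPLE_LOG = """\
2024-08-13T02:11:07Z 10.20.9.4 10.20.0.50 GET /goform/PLACEHOLDER_STATUS
2024-08-13T02:14:55Z 10.20.3.77 10.20.0.50 POST /goform/PLACEHOLDER_ACTION
2024-08-13T02:15:01Z 10.20.3.77 10.20.0.51 GET //GoForm/%50LACEHOLDER_ACTION?x=1
2024-08-13T02:16:30Z 10.20.3.77 10.20.0.50 GET /index.html
2024-08-13T02:17:12Z 203.0.113.9 10.20.0.51 POST /goform/PLACEHOLDER_ACTION
2024-08-13T02:18:40Z 10.20.3.77 10.20.0.99 POST /goform/PLACEHOLDER_ACTION
malformed line
"""

def normalise_path(uri):
    """Drop query/fragment, decode %-escapes, collapse //, ./ and ../, lowercase."""
    path = unquote(uri.split("?", 1)[0].split("#", 1)[0])
    return posixpath.normpath("/" + path.lstrip("/")).lower()

def find_unauthorised_goform(log_text):
    """Return (timestamp, src, dst, method, path) for each /goform/ request
    sent to a known bridge from a source outside ADMIN_NETS."""
    alerts = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip malformed records instead of crashing the pipeline
        ts, src, dst, method, uri = fields
        try:
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        except ValueError:
            continue
        path = normalise_path(uri)
        outside = not any(src_ip in net for net in ADMIN_NETS)
        if dst_ip in BRIDGES and path.startswith("/goform/") and outside:
            alerts.append((ts, src, dst, method, path))
    return alerts

if __name__ == "__main__":
    for alert in find_unauthorised_goform(SAMPLE_LOG):
        print("ALERT unauthorised goform request:", *alert)
```

Lowercasing the path is deliberately conservative: it may alert on requests the device itself would reject, which is acceptable for a management interface that only a few hosts should ever touch.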

Monitoring Recommendations

  • Deploy passive OT network monitoring to capture HTTP requests directed at Vonets management interfaces
  • Forward syslog and SNMP traps from bridge devices, where supported, to a centralized SIEM for correlation
  • Track device uptime and configuration hashes to detect unexpected resets

How to Mitigate CVE-2024-29082

Immediate Actions Required

  • Restrict network access to Vonets bridge management interfaces using firewall rules or VLAN segmentation, allowing only trusted administrative hosts
  • Ensure affected devices are not exposed to the public internet
  • Inventory all Vonets devices and identify those running firmware 3.3.23.6.9 or earlier
  • Contact Vonets for updated firmware addressing the unprotected goform endpoints

Patch Information

At the time of NVD publication, the CISA ICS Advisory ICSA-24-214-08 is the authoritative reference for remediation guidance. Apply any firmware update released by Vonets that supersedes version 3.3.23.6.9 and addresses the improper access control on the goform endpoints.

Workarounds

  • Place affected devices behind a properly segmented OT network with strict ingress filtering to the management interface
  • Block external access to TCP port 80 and any other management ports on Vonets bridges at the perimeter firewall
  • Where feasible, disable the web management interface when not actively in use and rely on out-of-band administration
  • Apply ACLs on upstream switches to limit which source IPs can reach the bridge management address

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
