CVE-2024-46328

8.0 HIGH

📋 TL;DR

VONETS VAP11G-300 devices ship with hardcoded credentials for privileged accounts, including root. Anyone who knows those credentials and can reach the device's management interface (SSH, Telnet or the web UI) gains full administrative access; no legitimate account is needed. This affects every VAP11G-300 running vulnerable firmware. An attacker can completely compromise the device and potentially pivot to the networks it bridges.

💻 Affected Systems

Products:
  • VONETS VAP11G-300
Versions: v3.3.23.6.9 (confirmed); earlier versions are likely affected but have not been confirmed
Operating Systems: Embedded Linux firmware
Default Config Vulnerable: ⚠️ Yes
Notes: All devices running the affected firmware are vulnerable by default. The hardcoded credentials are embedded in the firmware image.

📦 What is this software?

The VONETS VAP11G-300 is a compact 300 Mbps Wi-Fi bridge/repeater, typically used to give wired-only equipment (printers, cameras, controllers) a wireless uplink. It runs embedded Linux firmware and is managed through a web interface; affected firmware also exposes SSH/Telnet management services.
⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device takeover, credential harvesting, network pivoting to internal systems, persistent backdoor installation, and data exfiltration.

🟠

Likely Case

Unauthorized administrative access to the device, configuration changes, network traffic interception, and potential use as a foothold for further attacks.

🟢

If Mitigated

Impact is limited to the device itself, provided network segmentation blocks lateral movement and the device holds nothing sensitive (note that a bridge stores the credentials of the Wi-Fi network it joins).

🌐 Internet-Facing: HIGH - Devices exposed to the internet can be directly attacked using the hardcoded credentials.
🏢 Internal Only: MEDIUM - Internal attackers or malware with network access could exploit this to gain device control.

🎯 Exploit Status

Public PoC: No (none known)
Weaponized: LIKELY (exploitation needs no tooling beyond an SSH/Telnet client or a browser)
Unauthenticated Exploit: ⚠️ Yes (the attacker logs in with the hardcoded credentials; no legitimate credentials are required)
Complexity: LOW

Exploitation requires only knowledge of the hardcoded credentials and network access to the device's management interface.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None known

Restart Required: Yes

Instructions:

1. Check the vendor website for a firmware update that addresses this issue (no fixed version or advisory is known at time of writing).
2. Download the latest firmware.
3. Upload it via the device web interface.
4. Reboot the device.
5. Verify that the hardcoded credentials no longer work (see How to Verify below). A newer version number alone does not prove the fix.

🔧 Temporary Workarounds

Change Default Credentials

Platform: Linux

Manually change all default passwords, including the root and admin accounts, and confirm the change survives a reboot. Because the credentials are embedded in the firmware image, a password changed with passwd may live on a read-only filesystem or be reset at boot; if the original credentials work again after a restart, this workaround is not effective on your firmware and you must rely on network controls.

ssh root@device_ip
passwd
(change the admin password via the web interface)

Network Segmentation

Platform: all

Isolate VAP11G-300 devices from critical networks and restrict their management ports (SSH, Telnet, web) to a management VLAN or jump host.

🧯 If You Can't Patch

  • Remove devices from internet-facing positions; never expose the management interface to the internet
  • Implement strict network access controls on the management ports and monitor for authentication attempts, alerting on any root/admin login from outside your management hosts

🔍 How to Verify

Check if Vulnerable:

From a trusted host, attempt an SSH login as root with the known hardcoded credentials; if it succeeds, the device is vulnerable regardless of the version it reports. Otherwise, check the firmware version in the web interface.

Check Version:

ssh root@device_ip 'cat /etc/version' or check web interface System Status page

Verify Fix Applied:

Confirm the device runs a firmware version the vendor states fixes this issue (none was known at time of writing) and test that the hardcoded credentials no longer work, including after a reboot. A version newer than v3.3.23.6.9 is not by itself evidence of a fix.

📡 Detection & Monitoring

Log Indicators:

  • Failed authentication attempts followed by successful root/admin login
  • SSH connections from unexpected sources

Network Indicators:

  • SSH/Telnet connections to device management ports
  • Unusual outbound connections from device

SIEM Query:

host="device_ip" AND event_type="authentication" AND result="success" AND user IN ("root", "admin") AND NOT src_ip IN (management_hosts)

(Field names are generic; map them to your SIEM's schema. host is the device emitting the log, src_ip the client that logged in, and management_hosts the list of hosts that are allowed to administer the device.)
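The log indicators and the SIEM query above can be checked offline before writing a production rule. The following is an added example, not code from the original advisory or from VONETS. It assumes the device forwards OpenSSH-style "Accepted/Failed password" messages to a syslog collector; the VAP11G-300's real log format is not documented on this page, so the sample lines are constructed and the regex may need adjusting. It flags two things: a root/admin login from a host outside an assumed management allow-list, and a root/admin login preceded by failed attempts from the same source within five minutes (the fail-then-succeed pattern of someone trying known hardcoded credentials).

```python
"""Offline detection check for CVE-2024-46328 log indicators (added example)."""
import re
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed sample log lines; not captured from a real device.
SAMPLE_LOG = """\
Mar 10 09:12:01 vap11g sshd[812]: Failed password for root from 10.0.5.20 port 51234 ssh2
Mar 10 09:12:04 vap11g sshd[812]: Failed password for root from 10.0.5.20 port 51234 ssh2
Mar 10 09:12:07 vap11g sshd[812]: Accepted password for root from 10.0.5.20 port 51234 ssh2
Mar 10 09:30:15 vap11g sshd[901]: Accepted password for admin from 10.0.1.5 port 40000 ssh2
Mar 10 11:02:44 vap11g sshd[950]: Accepted password for root from 203.0.113.77 port 2222 ssh2
Mar 10 11:05:00 vap11g sshd[960]: Failed password for invalid user test from 10.0.5.21 port 3333 ssh2
"""

# OpenSSH-style auth line (assumed format; adjust to what the device actually emits).
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+"
)

PRIVILEGED = {"root", "admin"}
# Hosts allowed to administer the device (assumed; replace with your management subnet).
ALLOWED_SOURCES = [ip_network("10.0.1.0/24")]
WINDOW = timedelta(minutes=5)


def parse(log_text, year=2024):
    """Return (timestamp, result, user, src) tuples for lines matching LINE_RE.
    Syslog lines carry no year, so one is supplied by the caller."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["result"], m["user"], m["src"]))
    return events


def allowed(src):
    """True if src falls inside one of the management networks."""
    return any(ip_address(src) in net for net in ALLOWED_SOURCES)


def find_alerts(events):
    """Return (kind, user, src, n_recent_failures) alerts.

    kind is "fail_then_success" when a privileged login follows failed attempts
    from the same source within WINDOW, and "unexpected_source" when a
    privileged login comes from outside ALLOWED_SOURCES. One login can raise both.
    """
    alerts = []
    failures = {}  # src -> timestamps of failed attempts seen so far
    for ts, result, user, src in sorted(events):
        if result == "Failed":
            failures.setdefault(src, []).append(ts)
            continue
        if user not in PRIVILEGED:
            continue
        recent = [t for t in failures.get(src, []) if ts - t <= WINDOW]
        if recent:
            alerts.append(("fail_then_success", user, src, len(recent)))
        if not allowed(src):
            alerts.append(("unexpected_source", user, src, 0))
    return alerts


if __name__ == "__main__":
    for alert in find_alerts(parse(SAMPLE_LOG)):
        print(alert)
```

Run against the sample, the admin login from the management subnet is silent, while the root login from 10.0.5.20 raises both alerts and the root login from 203.0.113.77 raises the unexpected-source alert. In production, feed the collector's real lines in and tune ALLOWED_SOURCES and WINDOW; a legitimate administrator mistyping a password once will also trip the fail-then-success rule, which is acceptable for a device whose root password is public.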
