CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
AI Score
Confidence
Low
EPSS
Percentile
16.8%
An issue in GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, XE3000/X3000 v4, and B2200/MV1000/MV1000W/USB150/N300/SF1200 v3.216 allows attackers to intercept communications via a man-in-the-middle attack when DDNS clients are reporting data to the server.
Vendor | Product | Version | CPE |
---|---|---|---|
gl-inet | mt6000_firmware | 4.5.8 | cpe:2.3:o:gl-inet:mt6000_firmware:4.5.8:*:*:*:*:*:*:* |
gl-inet | mt6000 | - | cpe:2.3:h:gl-inet:mt6000:-:*:*:*:*:*:*:* |
gl-inet | a1300_firmware | 4.5.16 | cpe:2.3:o:gl-inet:a1300_firmware:4.5.16:*:*:*:*:*:*:* |
gl-inet | a1300 | - | cpe:2.3:h:gl-inet:a1300:-:*:*:*:*:*:*:* |
gl-inet | x300b_firmware | 4.5.16 | cpe:2.3:o:gl-inet:x300b_firmware:4.5.16:*:*:*:*:*:*:* |
gl-inet | x300b | - | cpe:2.3:h:gl-inet:x300b:-:*:*:*:*:*:*:* |
gl-inet | ax1800_firmware | 4.5.16 | cpe:2.3:o:gl-inet:ax1800_firmware:4.5.16:*:*:*:*:*:*:* |
gl-inet | ax1800 | - | cpe:2.3:h:gl-inet:ax1800:-:*:*:*:*:*:*:* |
gl-inet | axt1800_firmware | 4.5.16 | cpe:2.3:o:gl-inet:axt1800_firmware:4.5.16:*:*:*:*:*:*:* |
gl-inet | axt1800 | - | cpe:2.3:h:gl-inet:axt1800:-:*:*:*:*:*:*:* |