CVE-2024-39226

2024-08-0600:00:00

mitre

www.cve.org

gl-inet products

code execution

/cgi-bin/glc

directory traversal

json data

permissions

cve-2024-39226

EPSS

0.002

Percentile

52.0%

JSON

GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain a vulnerability can be exploited to manipulate routers by passing malicious shell commands through the s2s API.

References

github.com/gl-inet/CVE-issues/blob/main/4.0.0/s2s%20interface%20shell%20injection.md

EPSS

0.002

Percentile

52.0%

JSON

Related for CVELIST:CVE-2024-39226