Lucene search

[email protected]NVD:CVE-2024-39225

HistoryAug 06, 2024 - 4:15 p.m.

CVE-2024-39225

2024-08-0616:15:48

CWE-307

[email protected]

web.nvd.nist.gov

gl-inet

rce

vulnerability

remote code execution

ar750

ar300m

mt300n-v2

b1300

ax1800

sft1200

x750

mt1300

mt3000

axt1800

xe300

e750

ap1300

s1300

xe3000

x3000

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

43.8%

JSON

GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain a remote code execution (RCE) vulnerability.

Affected configurations

Nvd

Node

gl-inetmt6000_firmwareMatch4.5.8

AND

gl-inetmt6000Match-

Node

gl-ineta1300_firmwareMatch4.5.16

AND

gl-ineta1300Match-

Node

gl-inetx300b_firmwareMatch4.5.16

AND

gl-inetx300bMatch-

Node

gl-inetax1800_firmwareMatch4.5.16

AND

gl-inetax1800Match-

Node

gl-inetaxt1800_firmwareMatch4.5.16

AND

gl-inetaxt1800Match-

Node

gl-inetmt2500_firmwareMatch4.5.16

AND

gl-inetmt2500Match-

Node

gl-inetmt3000_firmwareMatch4.5.16

AND

gl-inetmt3000Match-

Node

gl-inetx3000_firmwareMatch4.4.8

AND

gl-inetx3000Match-

Node

gl-inetxe3000_firmwareMatch4.4.8

AND

gl-inetxe3000Match-

Node

gl-inetxe300_firmwareMatch4.3.16

AND

gl-inetxe300Match-

Node

gl-inete750_firmwareMatch4.3.12

AND

gl-inete750Match-

Node

gl-inetx750_firmwareMatch4.3.11

AND

gl-inetx750Match-

Node

gl-inetsft1200_firmwareMatch4.3.11

AND

gl-inetsft1200Match-

Node

gl-inetar300m_firmwareMatch4.3.11

AND

gl-inetar300mMatch-

Node

gl-inetar300m16_firmwareMatch4.3.11

AND

gl-inetar300m16Match-

Node

gl-inetar750_firmwareMatch4.3.11

AND

gl-inetar750Match-

Node

gl-inetar750s_firmwareMatch4.3.11

AND

gl-inetar750sMatch-

Node

gl-inetb1300_firmwareMatch4.3.11

AND

gl-inetb1300Match-

Node

gl-inetmt1300_firmwareMatch4.3.11

AND

gl-inetmt1300Match-

Node

gl-inetmt300n-v2_firmwareMatch4.3.11

AND

gl-inetmt300n-v2Match-

Node

gl-inetap1300_firmwareMatch3.217

AND

gl-inetap1300Match-

Node

gl-inetb2200_firmwareMatch3.216

AND

gl-inetb2200Match-

Node

gl-inetmv1000_firmwareMatch3.216

AND

gl-inetmv1000Match-

Node

gl-inetmv1000w_firmwareMatch3.216

AND

gl-inetmv1000wMatch-

Node

gl-inetusb150_firmwareMatch3.216

AND

gl-inetusb150Match-

Node

gl-inetsf1200_firmwareMatch3.216

AND

gl-inetsf1200Match-

Node

gl-inetn300_firmwareMatch3.216

AND

gl-inetn300Match-

Node

gl-inets1300_firmwareMatch3.216

AND

gl-inets1300Match-

VendorProductVersionCPE
gl-inetmt6000_firmware4.5.8cpe:2.3:o:gl-inet:mt6000_firmware:4.5.8:*:*:*:*:*:*:*
gl-inetmt6000-cpe:2.3:h:gl-inet:mt6000:-:*:*:*:*:*:*:*
gl-ineta1300_firmware4.5.16cpe:2.3:o:gl-inet:a1300_firmware:4.5.16:*:*:*:*:*:*:*
gl-ineta1300-cpe:2.3:h:gl-inet:a1300:-:*:*:*:*:*:*:*
gl-inetx300b_firmware4.5.16cpe:2.3:o:gl-inet:x300b_firmware:4.5.16:*:*:*:*:*:*:*
gl-inetx300b-cpe:2.3:h:gl-inet:x300b:-:*:*:*:*:*:*:*
gl-inetax1800_firmware4.5.16cpe:2.3:o:gl-inet:ax1800_firmware:4.5.16:*:*:*:*:*:*:*
gl-inetax1800-cpe:2.3:h:gl-inet:ax1800:-:*:*:*:*:*:*:*
gl-inetaxt1800_firmware4.5.16cpe:2.3:o:gl-inet:axt1800_firmware:4.5.16:*:*:*:*:*:*:*
gl-inetaxt1800-cpe:2.3:h:gl-inet:axt1800:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
gl-inet	mt6000_firmware	4.5.8	cpe:2.3:o:gl-inet:mt6000_firmware:4.5.8:::::::*
gl-inet	mt6000	-	cpe:2.3:h:gl-inet:mt6000:-:::::::*
gl-inet	a1300_firmware	4.5.16	cpe:2.3:o:gl-inet:a1300_firmware:4.5.16:::::::*
gl-inet	a1300	-	cpe:2.3:h:gl-inet:a1300:-:::::::*
gl-inet	x300b_firmware	4.5.16	cpe:2.3:o:gl-inet:x300b_firmware:4.5.16:::::::*
gl-inet	x300b	-	cpe:2.3:h:gl-inet:x300b:-:::::::*
gl-inet	ax1800_firmware	4.5.16	cpe:2.3:o:gl-inet:ax1800_firmware:4.5.16:::::::*
gl-inet	ax1800	-	cpe:2.3:h:gl-inet:ax1800:-:::::::*
gl-inet	axt1800_firmware	4.5.16	cpe:2.3:o:gl-inet:axt1800_firmware:4.5.16:::::::*
gl-inet	axt1800	-	cpe:2.3:h:gl-inet:axt1800:-:::::::*

Rows per page:

1-10 of 561

References

github.com/gl-inet/CVE-issues/blob/main/4.0.0/Bypass%20the%20login%20mechanism.md

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

43.8%

JSON

Related for NVD:CVE-2024-39225

cvelist1 vulnrichment1 cve1