CVE-2024-39227
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
43.8%
GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain insecure permissions in the endpoint /cgi-bin/glc. This vulnerability allows unauthenticated attackers to execute arbitrary code or possibly a directory traversal via crafted JSON data.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| gl-inet | mt6000_firmware | 4.5.8 | cpe:2.3:o:gl-inet:mt6000_firmware:4.5.8:*:*:*:*:*:*:* |
| gl-inet | mt6000 | - | cpe:2.3:h:gl-inet:mt6000:-:*:*:*:*:*:*:* |
| gl-inet | a1300_firmware | 4.5.16 | cpe:2.3:o:gl-inet:a1300_firmware:4.5.16:*:*:*:*:*:*:* |
| gl-inet | a1300 | - | cpe:2.3:h:gl-inet:a1300:-:*:*:*:*:*:*:* |
| gl-inet | x300b_firmware | 4.5.16 | cpe:2.3:o:gl-inet:x300b_firmware:4.5.16:*:*:*:*:*:*:* |
| gl-inet | x300b | - | cpe:2.3:h:gl-inet:x300b:-:*:*:*:*:*:*:* |
| gl-inet | ax1800_firmware | 4.5.16 | cpe:2.3:o:gl-inet:ax1800_firmware:4.5.16:*:*:*:*:*:*:* |
| gl-inet | ax1800 | - | cpe:2.3:h:gl-inet:ax1800:-:*:*:*:*:*:*:* |
| gl-inet | axt1800_firmware | 4.5.16 | cpe:2.3:o:gl-inet:axt1800_firmware:4.5.16:*:*:*:*:*:*:* |
| gl-inet | axt1800 | - | cpe:2.3:h:gl-inet:axt1800:-:*:*:*:*:*:*:* |
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
43.8%