CVE-2024-39225

CRITICAL

9.8

Beschreibung

GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain a remote code execution (RCE) vulnerability.

CVE Details

CVSS v3.1 Bewertung9.8

SchweregradCRITICAL

CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AngriffsvektorNETWORK

KomplexitatLOW

Erforderliche PrivilegienNONE

BenutzerinteraktionNONE

Veroffentlicht8/6/2024

Zuletzt geandert8/15/2024

Quellenvd

Honeypot-Sichtungen0

Betroffene Produkte

gl-inet:a1300gl-inet:a1300_firmwaregl-inet:ap1300gl-inet:ap1300_firmwaregl-inet:ar300mgl-inet:ar300m16gl-inet:ar300m16_firmwaregl-inet:ar300m_firmwaregl-inet:ar750gl-inet:ar750_firmwaregl-inet:ar750sgl-inet:ar750s_firmwaregl-inet:ax1800gl-inet:ax1800_firmwaregl-inet:axt1800gl-inet:axt1800_firmwaregl-inet:b1300gl-inet:b1300_firmwaregl-inet:b2200gl-inet:b2200_firmwaregl-inet:e750gl-inet:e750_firmwaregl-inet:mt1300gl-inet:mt1300_firmwaregl-inet:mt2500gl-inet:mt2500_firmwaregl-inet:mt3000gl-inet:mt3000_firmwaregl-inet:mt300n-v2gl-inet:mt300n-v2_firmwaregl-inet:mt6000gl-inet:mt6000_firmwaregl-inet:mv1000gl-inet:mv1000_firmwaregl-inet:mv1000wgl-inet:mv1000w_firmwaregl-inet:n300gl-inet:n300_firmwaregl-inet:s1300gl-inet:s1300_firmwaregl-inet:sf1200gl-inet:sf1200_firmwaregl-inet:sft1200gl-inet:sft1200_firmwaregl-inet:usb150gl-inet:usb150_firmwaregl-inet:x3000gl-inet:x3000_firmwaregl-inet:x300bgl-inet:x300b_firmwaregl-inet:x750gl-inet:x750_firmwaregl-inet:xe300gl-inet:xe3000gl-inet:xe3000_firmwaregl-inet:xe300_firmware

Schwachen (CWE)

CWE-307CWE-307

Referenzen

https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Bypass%20the%20login%20mechanism.md(cve@mitre.org)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.