{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2024-28077", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2025-03-14T13:12:01.317Z", "dateReserved": "2024-03-03T00:00:00.000Z", "datePublished": "2024-08-26T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-08-26T19:29:58.213Z"}, "descriptions": [{"lang": "en", "value": "A denial-of-service issue was discovered on certain GL-iNet devices. Some websites can detect devices exposed to the external network through DDNS, and consequently obtain the IP addresses and ports of devices that are exposed. By using special usernames and special characters (such as half parentheses or square brackets), one can call the login interface and cause the session-management program to crash, resulting in customers being unable to log into their devices. This affects MT6000 4.5.6, XE3000 4.4.5, X3000 4.4.6, MT3000 4.5.0, MT2500 4.5.0, AXT1800 4.5.0, AX1800 4.5.0, A1300 4.5.0, S200 4.1.4-0300, X750 4.3.7, SFT1200 4.3.7, MT1300 4.3.10, AR750 4.3.10, AR750S 4.3.10, AR300M 4.3.10, AR300M16 4.3.10, B1300 4.3.10, MT300N-V2 4.3.10, and XE300 4.3.16."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://gl-inet.com"}, {"url": "https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Denial%20of%20service.md"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-noinfo Not enough information"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-03-14T13:06:19.124374Z", "id": "CVE-2024-28077", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-14T13:12:01.317Z"}}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-28077", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-03-14T13:06:19.124374Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "description": "CWE-noinfo Not enough information"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-27T14:15:09.597Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://gl-inet.com"}, {"url": "https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Denial%20of%20service.md"}], "descriptions": [{"lang": "en", "value": "A denial-of-service issue was discovered on certain GL-iNet devices. Some websites can detect devices exposed to the external network through DDNS, and consequently obtain the IP addresses and ports of devices that are exposed. By using special usernames and special characters (such as half parentheses or square brackets), one can call the login interface and cause the session-management program to crash, resulting in customers being unable to log into their devices. This affects MT6000 4.5.6, XE3000 4.4.5, X3000 4.4.6, MT3000 4.5.0, MT2500 4.5.0, AXT1800 4.5.0, AX1800 4.5.0, A1300 4.5.0, S200 4.1.4-0300, X750 4.3.7, SFT1200 4.3.7, MT1300 4.3.10, AR750 4.3.10, AR750S 4.3.10, AR300M 4.3.10, AR300M16 4.3.10, B1300 4.3.10, MT300N-V2 4.3.10, and XE300 4.3.16."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-08-26T19:29:58.213Z"}}}, "cveMetadata": {"cveId": "CVE-2024-28077", "state": "PUBLISHED", "dateUpdated": "2025-03-14T13:12:01.317Z", "dateReserved": "2024-03-03T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2024-08-26T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:gl-inet:mt6000_firmware:4.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "5C1C6413-DB3D-4B14-9246-38AA5103615D", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:gl-inet:mt6000:-:*:*:*:*:*:*:*", "matchCriteriaId": "CCDE99A6-DA15-4E4B-8C60-CCB9D580BD82", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:gl-inet:x3000_firmware:4.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "861A5EB1-2DFF-479C-9202-590DB6E796C9", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:gl-inet:x3000:-:*:*:*:*:*:*:*", "matchCriteriaId": "9479FFAA-9C87-4530-884D-B96055A3D41C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:gl-inet:xe3000_firmware:4.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "FB3DD919-EC2B-44CF-AEBD-4EA5A0D52552", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:gl-inet:xe3000:-:*:*:*:*:*:*:*", "matchCriteriaId": "265EDD5D-B879-4E8A-A6DE-400BC6273A41", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:gl-inet:a1300_firmware:4.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "CD782342-ED71-4BD6-97EB-330F14991957", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:gl-inet:a1300:-:*:*:*:*:*:*:*", "matchCriteriaId": "D6DBF472-E98E-4E00-B6A0-6D8FA1678AEA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:gl-inet:ax1800_firmware:4.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "5AE60C1C-957D-472A-BB66-21DA80B97099", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:gl-inet:ax1800:-:*:*:*:*:*:*:*", "matchCriteriaId": "BCB312FD-370C-4DF9-961F-F0C4920AA368", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:gl-inet:axt1800_firmware:4.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "AED7B3A1-7DEB-4DB0-AA6E-7D27434BD2CD", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:gl-inet:axt1800:-:*:*:*:*:*:*:*", "matchCriteriaId": "FF453954-BC32-4577-8CE4-066812193495", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:gl-inet:mt2500_firmware:4.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "9C4B6800-8A1B-4522-B5E0-9CC4C09DBA2A", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:gl-inet:mt2500:-:*:*:*:*:*:*:*", "matchCriteriaId": "3ADF5BF3-0F52-4947-8BC2-3505EDEEDF28", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:gl-inet:mt3000_firmware:4.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "79D3F6BA-60D2-495A-8C74-7E74D3DB25A7", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:gl-inet:mt3000:-:*:*:*:*:*:*:*", "matchCriteriaId": "AFF2DBFD-2AE0-41BC-B614-9836098119F4", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:gl-inet:xe300_firmware:4.3.16:*:*:*:*:*:*:*", "matchCriteriaId": "96241919-0E87-4966-B94F-58DA4DFDA607", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:gl-inet:xe300:-:*:*:*:*:*:*:*", "matchCriteriaId": "57D82B62-F057-42A4-8530-86145AE91AC2", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:gl-inet:x750_firmware:4.3.7:*:*:*:*:*:*:*", "matchCriteriaId": "0CB74B0F-E141-403A-B480-5B48B9040D4E", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:gl-inet:x750:-:*:*:*:*:*:*:*", "matchCriteriaId": "3D1EDFF0-F67C-4801-815C-309940BD7338", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:gl-inet:sft1200_firmware:4.3.7:*:*:*:*:*:*:*", "matchCriteriaId": "9AE590D9-C0AB-4E3E-8E03-DBF12445AA0B", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:gl-inet:sft1200:-:*:*:*:*:*:*:*", "matchCriteriaId": "E656351D-E06E-435F-B1E5-34B89FD8B54B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:gl-inet:ar300m_firmware:4.3.10:*:*:*:*:*:*:*", "matchCriteriaId": "E53CE790-1466-4BB0-933B-33B531C0DD55", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:gl-inet:ar300m:-:*:*:*:*:*:*:*", "matchCriteriaId": "F040AC86-5D7A-4E57-B272-A425DDDE1698", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:gl-inet:ar300m16_firmware:4.3.10:*:*:*:*:*:*:*", "matchCriteriaId": "83E73FCD-31F7-4BE9-8D16-FB4FDAC685BF", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:gl-inet:ar300m16:-:*:*:*:*:*:*:*", "matchCriteriaId": "FA3E349B-C40F-4DE6-B977-CF677B2F9814", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:gl-inet:ar750_firmware:4.3.10:*:*:*:*:*:*:*", "matchCriteriaId": "993B06A2-2BB4-4EBC-904E-802001D9DFEC", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:gl-inet:ar750:-:*:*:*:*:*:*:*", "matchCriteriaId": "749A6936-392E-430C-ABD3-33D4C5B3D178", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:gl-inet:ar750s_firmware:4.3.10:*:*:*:*:*:*:*", "matchCriteriaId": "AD8F61AA-DE3B-44DC-AE73-7D8E807F918E", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:gl-inet:ar750s:-:*:*:*:*:*:*:*", "matchCriteriaId": "F18E5F1D-55CD-4F6A-A349-90DD27B29955", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:gl-inet:b1300_firmware:4.3.10:*:*:*:*:*:*:*", "matchCriteriaId": "5C1EDB92-F871-4F92-B5CB-9DE24A908D8C", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:gl-inet:b1300:-:*:*:*:*:*:*:*", "matchCriteriaId": "A47EFE3F-D217-469E-BEE6-5D78037C71C3", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:gl-inet:mt1300_firmware:4.3.10:*:*:*:*:*:*:*", "matchCriteriaId": "CE0558E6-FAC8-4569-9AA4-C96823E591C8", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:gl-inet:mt1300:-:*:*:*:*:*:*:*", "matchCriteriaId": "5CECA41F-E807-4234-8C41-477DE132210E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:gl-inet:mt300n-v2_firmware:4.3.10:*:*:*:*:*:*:*", "matchCriteriaId": "F5BB0698-5585-4511-88EA-7C265EF22F10", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:gl-inet:mt300n-v2:-:*:*:*:*:*:*:*", "matchCriteriaId": "797DD304-0AF8-4E2C-8F72-ADF31B8AD6F4", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A denial-of-service issue was discovered on certain GL-iNet devices. Some websites can detect devices exposed to the external network through DDNS, and consequently obtain the IP addresses and ports of devices that are exposed. By using special usernames and special characters (such as half parentheses or square brackets), one can call the login interface and cause the session-management program to crash, resulting in customers being unable to log into their devices. This affects MT6000 4.5.6, XE3000 4.4.5, X3000 4.4.6, MT3000 4.5.0, MT2500 4.5.0, AXT1800 4.5.0, AX1800 4.5.0, A1300 4.5.0, S200 4.1.4-0300, X750 4.3.7, SFT1200 4.3.7, MT1300 4.3.10, AR750 4.3.10, AR750S 4.3.10, AR300M 4.3.10, AR300M16 4.3.10, B1300 4.3.10, MT300N-V2 4.3.10, and XE300 4.3.16."}, {"lang": "es", "value": "Se descubri\u00f3 un problema de denegaci\u00f3n de servicio en ciertos dispositivos GL-iNet. Algunos sitios web pueden detectar dispositivos expuestos a la red externa a trav\u00e9s de DDNS y, en consecuencia, obtener las direcciones IP y los puertos de los dispositivos que est\u00e1n expuestos. Al utilizar nombres de usuario especiales y caracteres especiales (como medio par\u00e9ntesis o corchetes), se puede llamar a la interfaz de inicio de sesi\u00f3n y provocar que el programa de administraci\u00f3n de sesiones falle, lo que provocar\u00e1 que los clientes no puedan iniciar sesi\u00f3n en sus dispositivos. Esto afecta a MT6000 4.5.6, XE3000 4.4.5, X3000 4.4.6, MT3000 4.5.0, MT2500 4.5.0, AXT1800 4.5.0, AX1800 4.5.0, A1300 4.5.0, S200 4.1.4-0300, X750 4.3.7, SFT1200 4.3.7, MT1300 4.3.10, AR750 4.3.10, AR750S 4.3.10, AR300M 4.3.10, AR300M16 4.3.10, B1300 4.3.10, MT300N-V2 4.3.10 y XE300 4 .3. 16."}], "id": "CVE-2024-28077", "lastModified": "2025-03-14T14:15:14.653", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-08-26T20:15:07.733", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Denial%20of%20service.md"}, {"source": "cve@mitre.org", "tags": ["Product"], "url": "https://gl-inet.com"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}