GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain a vulnerability can be exploited to manipulate routers by passing malicious shell commands through the s2s API.

Metrics

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

Vendors Products
Gl-inet
  • A1300
  • A1300 Firmware
  • Ap1300
  • Ap1300 Firmware
  • Ar300m
  • Ar300m16
  • Ar300m16 Firmware
  • Ar300m Firmware
  • Ar750
  • Ar750 Firmware
  • Ar750s
  • Ar750s Firmware
  • Ax1800
  • Ax1800 Firmware
  • Axt1800
  • Axt1800 Firmware
  • B1300
  • B1300 Firmware
  • B2200
  • B2200 Firmware
  • E750
  • E750 Firmware
  • Mt1300
  • Mt1300 Firmware
  • Mt2500
  • Mt2500 Firmware
  • Mt3000
  • Mt3000 Firmware
  • Mt300n-v2
  • Mt300n-v2 Firmware
  • Mt6000
  • Mt6000 Firmware
  • Mv1000
  • Mv1000 Firmware
  • Mv1000w
  • Mv1000w Firmware
  • N300
  • N300 Firmware
  • S1300
  • S1300 Firmware
  • Sf1200
  • Sf1200 Firmware
  • Sft1200
  • Sft1200 Firmware
  • Usb150
  • Usb150 Firmware
  • X3000
  • X3000 Firmware
  • X300b
  • X300b Firmware
  • X750
  • X750 Firmware
  • Xe300
  • Xe3000
  • Xe3000 Firmware
  • Xe300 Firmware

Configuration 1 [-]

AND
cpe:2.3:o:gl-inet:mt6000_firmware:4.5.8:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:mt6000:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND
cpe:2.3:o:gl-inet:a1300_firmware:4.5.16:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:a1300:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND
cpe:2.3:o:gl-inet:x300b_firmware:4.5.16:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:x300b:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND
cpe:2.3:o:gl-inet:ax1800_firmware:4.5.16:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:ax1800:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND
cpe:2.3:o:gl-inet:axt1800_firmware:4.5.16:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:axt1800:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND
cpe:2.3:o:gl-inet:mt2500_firmware:4.5.16:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:mt2500:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND
cpe:2.3:o:gl-inet:mt3000_firmware:4.5.16:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:mt3000:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND
cpe:2.3:o:gl-inet:x3000_firmware:4.4.8:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:x3000:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND
cpe:2.3:o:gl-inet:xe3000_firmware:4.4.8:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:xe3000:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND
cpe:2.3:o:gl-inet:xe300_firmware:4.3.16:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:xe300:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND
cpe:2.3:o:gl-inet:e750_firmware:4.3.12:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:e750:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND
cpe:2.3:o:gl-inet:x750_firmware:4.3.11:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:x750:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND
cpe:2.3:o:gl-inet:sft1200_firmware:4.3.11:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:sft1200:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND
cpe:2.3:o:gl-inet:ar300m_firmware:4.3.11:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:ar300m:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND
cpe:2.3:o:gl-inet:ar300m16_firmware:4.3.11:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:ar300m16:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND
cpe:2.3:o:gl-inet:ar750_firmware:4.3.11:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:ar750:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND
cpe:2.3:o:gl-inet:ar750s_firmware:4.3.11:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:ar750s:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND
cpe:2.3:o:gl-inet:b1300_firmware:4.3.11:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:b1300:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND
cpe:2.3:o:gl-inet:mt1300_firmware:4.3.11:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:mt1300:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND
cpe:2.3:o:gl-inet:mt300n-v2_firmware:4.3.11:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:mt300n-v2:-:*:*:*:*:*:*:*

Configuration 21 [-]

AND
cpe:2.3:o:gl-inet:ap1300_firmware:3.217:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:ap1300:-:*:*:*:*:*:*:*

Configuration 22 [-]

AND
cpe:2.3:o:gl-inet:b2200_firmware:3.216:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:b2200:-:*:*:*:*:*:*:*

Configuration 23 [-]

AND
cpe:2.3:o:gl-inet:mv1000_firmware:3.216:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:mv1000:-:*:*:*:*:*:*:*

Configuration 24 [-]

AND
cpe:2.3:o:gl-inet:mv1000w_firmware:3.216:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:mv1000w:-:*:*:*:*:*:*:*

Configuration 25 [-]

AND
cpe:2.3:o:gl-inet:usb150_firmware:3.216:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:usb150:-:*:*:*:*:*:*:*

Configuration 26 [-]

AND
cpe:2.3:o:gl-inet:sf1200_firmware:3.216:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:sf1200:-:*:*:*:*:*:*:*

Configuration 27 [-]

AND
cpe:2.3:o:gl-inet:n300_firmware:3.216:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:n300:-:*:*:*:*:*:*:*

Configuration 28 [-]

AND
cpe:2.3:o:gl-inet:s1300_firmware:3.216:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:s1300:-:*:*:*:*:*:*:*

No data.

References
Link Providers
https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/s2s%20interface%20shell%20injection.md cve-icon cve-icon
History

Fri, 16 Aug 2024 17:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 15 Aug 2024 16:45:00 +0000

Type Values Removed Values Added
References

Thu, 15 Aug 2024 16:00:00 +0000

Type Values Removed Values Added
Description GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain insecure permissions in the endpoint /cgi-bin/glc. This vulnerability allows unauthenticated attackers to execute arbitrary code or possibly a directory traversal via crafted JSON data. GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain a vulnerability can be exploited to manipulate routers by passing malicious shell commands through the s2s API.

Wed, 07 Aug 2024 21:15:00 +0000

Type Values Removed Values Added
First Time appeared Gl-inet
Gl-inet a1300
Gl-inet a1300 Firmware
Gl-inet ap1300
Gl-inet ap1300 Firmware
Gl-inet ar300m
Gl-inet ar300m16
Gl-inet ar300m16 Firmware
Gl-inet ar300m Firmware
Gl-inet ar750
Gl-inet ar750 Firmware
Gl-inet ar750s
Gl-inet ar750s Firmware
Gl-inet ax1800
Gl-inet ax1800 Firmware
Gl-inet axt1800
Gl-inet axt1800 Firmware
Gl-inet b1300
Gl-inet b1300 Firmware
Gl-inet b2200
Gl-inet b2200 Firmware
Gl-inet e750
Gl-inet e750 Firmware
Gl-inet mt1300
Gl-inet mt1300 Firmware
Gl-inet mt2500
Gl-inet mt2500 Firmware
Gl-inet mt3000
Gl-inet mt3000 Firmware
Gl-inet mt300n-v2
Gl-inet mt300n-v2 Firmware
Gl-inet mt6000
Gl-inet mt6000 Firmware
Gl-inet mv1000
Gl-inet mv1000 Firmware
Gl-inet mv1000w
Gl-inet mv1000w Firmware
Gl-inet n300
Gl-inet n300 Firmware
Gl-inet s1300
Gl-inet s1300 Firmware
Gl-inet sf1200
Gl-inet sf1200 Firmware
Gl-inet sft1200
Gl-inet sft1200 Firmware
Gl-inet usb150
Gl-inet usb150 Firmware
Gl-inet x3000
Gl-inet x3000 Firmware
Gl-inet x300b
Gl-inet x300b Firmware
Gl-inet x750
Gl-inet x750 Firmware
Gl-inet xe300
Gl-inet xe3000
Gl-inet xe3000 Firmware
Gl-inet xe300 Firmware
Weaknesses CWE-22
CPEs cpe:2.3:h:gl-inet:a1300:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:ap1300:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:ar300m16:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:ar300m:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:ar750:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:ar750s:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:ax1800:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:axt1800:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:b1300:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:b2200:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:e750:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:mt1300:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:mt2500:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:mt3000:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:mt300n-v2:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:mt6000:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:mv1000:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:mv1000w:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:n300:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:s1300:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:sf1200:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:sft1200:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:usb150:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:x3000:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:x300b:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:x750:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:xe3000:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:xe300:-:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:a1300_firmware:4.5.16:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:ap1300_firmware:3.217:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:ar300m16_firmware:4.3.11:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:ar300m_firmware:4.3.11:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:ar750_firmware:4.3.11:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:ar750s_firmware:4.3.11:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:ax1800_firmware:4.5.16:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:axt1800_firmware:4.5.16:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:b1300_firmware:4.3.11:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:b2200_firmware:3.216:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:e750_firmware:4.3.12:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:mt1300_firmware:4.3.11:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:mt2500_firmware:4.5.16:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:mt3000_firmware:4.5.16:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:mt300n-v2_firmware:4.3.11:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:mt6000_firmware:4.5.8:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:mv1000_firmware:3.216:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:mv1000w_firmware:3.216:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:n300_firmware:3.216:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:s1300_firmware:3.216:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:sf1200_firmware:3.216:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:sft1200_firmware:4.3.11:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:usb150_firmware:3.216:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:x3000_firmware:4.4.8:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:x300b_firmware:4.5.16:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:x750_firmware:4.3.11:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:xe3000_firmware:4.4.8:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:xe300_firmware:4.3.16:*:*:*:*:*:*:*
Vendors & Products Gl-inet
Gl-inet a1300
Gl-inet a1300 Firmware
Gl-inet ap1300
Gl-inet ap1300 Firmware
Gl-inet ar300m
Gl-inet ar300m16
Gl-inet ar300m16 Firmware
Gl-inet ar300m Firmware
Gl-inet ar750
Gl-inet ar750 Firmware
Gl-inet ar750s
Gl-inet ar750s Firmware
Gl-inet ax1800
Gl-inet ax1800 Firmware
Gl-inet axt1800
Gl-inet axt1800 Firmware
Gl-inet b1300
Gl-inet b1300 Firmware
Gl-inet b2200
Gl-inet b2200 Firmware
Gl-inet e750
Gl-inet e750 Firmware
Gl-inet mt1300
Gl-inet mt1300 Firmware
Gl-inet mt2500
Gl-inet mt2500 Firmware
Gl-inet mt3000
Gl-inet mt3000 Firmware
Gl-inet mt300n-v2
Gl-inet mt300n-v2 Firmware
Gl-inet mt6000
Gl-inet mt6000 Firmware
Gl-inet mv1000
Gl-inet mv1000 Firmware
Gl-inet mv1000w
Gl-inet mv1000w Firmware
Gl-inet n300
Gl-inet n300 Firmware
Gl-inet s1300
Gl-inet s1300 Firmware
Gl-inet sf1200
Gl-inet sf1200 Firmware
Gl-inet sft1200
Gl-inet sft1200 Firmware
Gl-inet usb150
Gl-inet usb150 Firmware
Gl-inet x3000
Gl-inet x3000 Firmware
Gl-inet x300b
Gl-inet x300b Firmware
Gl-inet x750
Gl-inet x750 Firmware
Gl-inet xe300
Gl-inet xe3000
Gl-inet xe3000 Firmware
Gl-inet xe300 Firmware
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2024-08-06T00:00:00

Updated: 2024-08-16T16:17:29.058Z

Reserved: 2024-06-21T00:00:00

Link: CVE-2024-39226

cve-icon Vulnrichment

Updated: 2024-08-16T16:17:22.555Z

cve-icon NVD

Status : Modified

Published: 2024-08-06T16:15:48.757

Modified: 2024-08-15T16:15:19.493

Link: CVE-2024-39226

cve-icon Redhat

No data.