GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain a vulnerability can be exploited to manipulate routers by passing malicious shell commands through the s2s API.
History

Tue, 12 Nov 2024 17:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-77
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L'}


Fri, 16 Aug 2024 17:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 15 Aug 2024 16:45:00 +0000

Type Values Removed Values Added
References

Thu, 15 Aug 2024 16:00:00 +0000

Type Values Removed Values Added
Description GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain insecure permissions in the endpoint /cgi-bin/glc. This vulnerability allows unauthenticated attackers to execute arbitrary code or possibly a directory traversal via crafted JSON data. GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain a vulnerability can be exploited to manipulate routers by passing malicious shell commands through the s2s API.

Wed, 07 Aug 2024 21:15:00 +0000

Type Values Removed Values Added
First Time appeared Gl-inet
Gl-inet a1300
Gl-inet a1300 Firmware
Gl-inet ap1300
Gl-inet ap1300 Firmware
Gl-inet ar300m
Gl-inet ar300m16
Gl-inet ar300m16 Firmware
Gl-inet ar300m Firmware
Gl-inet ar750
Gl-inet ar750 Firmware
Gl-inet ar750s
Gl-inet ar750s Firmware
Gl-inet ax1800
Gl-inet ax1800 Firmware
Gl-inet axt1800
Gl-inet axt1800 Firmware
Gl-inet b1300
Gl-inet b1300 Firmware
Gl-inet b2200
Gl-inet b2200 Firmware
Gl-inet e750
Gl-inet e750 Firmware
Gl-inet mt1300
Gl-inet mt1300 Firmware
Gl-inet mt2500
Gl-inet mt2500 Firmware
Gl-inet mt3000
Gl-inet mt3000 Firmware
Gl-inet mt300n-v2
Gl-inet mt300n-v2 Firmware
Gl-inet mt6000
Gl-inet mt6000 Firmware
Gl-inet mv1000
Gl-inet mv1000 Firmware
Gl-inet mv1000w
Gl-inet mv1000w Firmware
Gl-inet n300
Gl-inet n300 Firmware
Gl-inet s1300
Gl-inet s1300 Firmware
Gl-inet sf1200
Gl-inet sf1200 Firmware
Gl-inet sft1200
Gl-inet sft1200 Firmware
Gl-inet usb150
Gl-inet usb150 Firmware
Gl-inet x3000
Gl-inet x3000 Firmware
Gl-inet x300b
Gl-inet x300b Firmware
Gl-inet x750
Gl-inet x750 Firmware
Gl-inet xe300
Gl-inet xe3000
Gl-inet xe3000 Firmware
Gl-inet xe300 Firmware
Weaknesses CWE-22
CPEs cpe:2.3:h:gl-inet:a1300:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:ap1300:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:ar300m16:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:ar300m:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:ar750:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:ar750s:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:ax1800:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:axt1800:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:b1300:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:b2200:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:e750:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:mt1300:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:mt2500:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:mt3000:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:mt300n-v2:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:mt6000:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:mv1000:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:mv1000w:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:n300:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:s1300:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:sf1200:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:sft1200:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:usb150:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:x3000:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:x300b:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:x750:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:xe3000:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:xe300:-:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:a1300_firmware:4.5.16:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:ap1300_firmware:3.217:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:ar300m16_firmware:4.3.11:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:ar300m_firmware:4.3.11:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:ar750_firmware:4.3.11:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:ar750s_firmware:4.3.11:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:ax1800_firmware:4.5.16:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:axt1800_firmware:4.5.16:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:b1300_firmware:4.3.11:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:b2200_firmware:3.216:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:e750_firmware:4.3.12:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:mt1300_firmware:4.3.11:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:mt2500_firmware:4.5.16:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:mt3000_firmware:4.5.16:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:mt300n-v2_firmware:4.3.11:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:mt6000_firmware:4.5.8:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:mv1000_firmware:3.216:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:mv1000w_firmware:3.216:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:n300_firmware:3.216:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:s1300_firmware:3.216:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:sf1200_firmware:3.216:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:sft1200_firmware:4.3.11:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:usb150_firmware:3.216:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:x3000_firmware:4.4.8:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:x300b_firmware:4.5.16:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:x750_firmware:4.3.11:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:xe3000_firmware:4.4.8:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:xe300_firmware:4.3.16:*:*:*:*:*:*:*
Vendors & Products Gl-inet
Gl-inet a1300
Gl-inet a1300 Firmware
Gl-inet ap1300
Gl-inet ap1300 Firmware
Gl-inet ar300m
Gl-inet ar300m16
Gl-inet ar300m16 Firmware
Gl-inet ar300m Firmware
Gl-inet ar750
Gl-inet ar750 Firmware
Gl-inet ar750s
Gl-inet ar750s Firmware
Gl-inet ax1800
Gl-inet ax1800 Firmware
Gl-inet axt1800
Gl-inet axt1800 Firmware
Gl-inet b1300
Gl-inet b1300 Firmware
Gl-inet b2200
Gl-inet b2200 Firmware
Gl-inet e750
Gl-inet e750 Firmware
Gl-inet mt1300
Gl-inet mt1300 Firmware
Gl-inet mt2500
Gl-inet mt2500 Firmware
Gl-inet mt3000
Gl-inet mt3000 Firmware
Gl-inet mt300n-v2
Gl-inet mt300n-v2 Firmware
Gl-inet mt6000
Gl-inet mt6000 Firmware
Gl-inet mv1000
Gl-inet mv1000 Firmware
Gl-inet mv1000w
Gl-inet mv1000w Firmware
Gl-inet n300
Gl-inet n300 Firmware
Gl-inet s1300
Gl-inet s1300 Firmware
Gl-inet sf1200
Gl-inet sf1200 Firmware
Gl-inet sft1200
Gl-inet sft1200 Firmware
Gl-inet usb150
Gl-inet usb150 Firmware
Gl-inet x3000
Gl-inet x3000 Firmware
Gl-inet x300b
Gl-inet x300b Firmware
Gl-inet x750
Gl-inet x750 Firmware
Gl-inet xe300
Gl-inet xe3000
Gl-inet xe3000 Firmware
Gl-inet xe300 Firmware
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2024-08-06T00:00:00

Updated: 2024-11-12T17:08:43.264Z

Reserved: 2024-06-21T00:00:00

Link: CVE-2024-39226

cve-icon Vulnrichment

Updated: 2024-08-16T16:17:22.555Z

cve-icon NVD

Status : Modified

Published: 2024-08-06T16:15:48.757

Modified: 2024-11-12T17:35:08.293

Link: CVE-2024-39226

cve-icon Redhat

No data.