GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain insecure permissions in the endpoint /cgi-bin/glc. This vulnerability allows unauthenticated attackers to execute arbitrary code or possibly a directory traversal via crafted JSON data.
History

Thu, 15 Aug 2024 16:45:00 +0000

Type Values Removed Values Added
References

Thu, 15 Aug 2024 16:00:00 +0000

Type Values Removed Values Added
Description GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain a shell injection vulnerability via the interface check_ovpn_client_config. GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain insecure permissions in the endpoint /cgi-bin/glc. This vulnerability allows unauthenticated attackers to execute arbitrary code or possibly a directory traversal via crafted JSON data.

Mon, 12 Aug 2024 19:15:00 +0000

Type Values Removed Values Added
First Time appeared Gl-inet a1300
Gl-inet a1300 Firmware
Gl-inet ap1300
Gl-inet ap1300 Firmware
Gl-inet ar300m
Gl-inet ar300m16
Gl-inet ar300m16 Firmware
Gl-inet ar300m Firmware
Gl-inet ar750
Gl-inet ar750 Firmware
Gl-inet ar750s
Gl-inet ar750s Firmware
Gl-inet ax1800
Gl-inet ax1800 Firmware
Gl-inet axt1800
Gl-inet axt1800 Firmware
Gl-inet b1300
Gl-inet b1300 Firmware
Gl-inet b2200
Gl-inet b2200 Firmware
Gl-inet e750
Gl-inet e750 Firmware
Gl-inet mt1300
Gl-inet mt1300 Firmware
Gl-inet mt2500
Gl-inet mt2500 Firmware
Gl-inet mt3000
Gl-inet mt3000 Firmware
Gl-inet mt300n-v2
Gl-inet mt300n-v2 Firmware
Gl-inet mt6000
Gl-inet mt6000 Firmware
Gl-inet mv1000
Gl-inet mv1000 Firmware
Gl-inet mv1000w
Gl-inet mv1000w Firmware
Gl-inet n300
Gl-inet n300 Firmware
Gl-inet s1300
Gl-inet s1300 Firmware
Gl-inet sf1200
Gl-inet sf1200 Firmware
Gl-inet sft1200
Gl-inet sft1200 Firmware
Gl-inet usb150
Gl-inet usb150 Firmware
Gl-inet x3000
Gl-inet x3000 Firmware
Gl-inet x300b
Gl-inet x300b Firmware
Gl-inet x750
Gl-inet x750 Firmware
Gl-inet xe300
Gl-inet xe3000
Gl-inet xe3000 Firmware
Gl-inet xe300 Firmware
Weaknesses CWE-74
CPEs cpe:2.3:h:gl-inet:a1300:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:ap1300:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:ar300m16:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:ar300m:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:ar750:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:ar750s:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:ax1800:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:axt1800:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:b1300:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:b2200:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:e750:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:mt1300:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:mt2500:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:mt3000:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:mt300n-v2:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:mt6000:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:mv1000:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:mv1000w:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:n300:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:s1300:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:sf1200:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:sft1200:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:usb150:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:x3000:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:x300b:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:x750:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:xe3000:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:xe300:-:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:a1300_firmware:4.5.16:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:ap1300_firmware:3.217:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:ar300m16_firmware:4.3.11:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:ar300m_firmware:4.3.11:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:ar750_firmware:4.3.11:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:ar750s_firmware:4.3.11:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:ax1800_firmware:4.5.16:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:axt1800_firmware:4.5.16:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:b1300_firmware:4.3.11:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:b2200_firmware:3.216:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:e750_firmware:4.3.12:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:mt1300_firmware:4.3.11:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:mt2500_firmware:4.5.16:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:mt3000_firmware:4.5.16:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:mt300n-v2_firmware:4.3.11:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:mt6000_firmware:4.5.8:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:mv1000_firmware:3.216:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:mv1000w_firmware:3.216:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:n300_firmware:3.216:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:s1300_firmware:3.216:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:sf1200_firmware:3.216:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:sft1200_firmware:4.3.11:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:usb150_firmware:3.216:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:x3000_firmware:4.4.8:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:x300b_firmware:4.5.16:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:x750_firmware:4.3.11:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:xe3000_firmware:4.4.8:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:xe300_firmware:4.3.16:*:*:*:*:*:*:*
Vendors & Products Gl-inet a1300
Gl-inet a1300 Firmware
Gl-inet ap1300
Gl-inet ap1300 Firmware
Gl-inet ar300m
Gl-inet ar300m16
Gl-inet ar300m16 Firmware
Gl-inet ar300m Firmware
Gl-inet ar750
Gl-inet ar750 Firmware
Gl-inet ar750s
Gl-inet ar750s Firmware
Gl-inet ax1800
Gl-inet ax1800 Firmware
Gl-inet axt1800
Gl-inet axt1800 Firmware
Gl-inet b1300
Gl-inet b1300 Firmware
Gl-inet b2200
Gl-inet b2200 Firmware
Gl-inet e750
Gl-inet e750 Firmware
Gl-inet mt1300
Gl-inet mt1300 Firmware
Gl-inet mt2500
Gl-inet mt2500 Firmware
Gl-inet mt3000
Gl-inet mt3000 Firmware
Gl-inet mt300n-v2
Gl-inet mt300n-v2 Firmware
Gl-inet mt6000
Gl-inet mt6000 Firmware
Gl-inet mv1000
Gl-inet mv1000 Firmware
Gl-inet mv1000w
Gl-inet mv1000w Firmware
Gl-inet n300
Gl-inet n300 Firmware
Gl-inet s1300
Gl-inet s1300 Firmware
Gl-inet sf1200
Gl-inet sf1200 Firmware
Gl-inet sft1200
Gl-inet sft1200 Firmware
Gl-inet usb150
Gl-inet usb150 Firmware
Gl-inet x3000
Gl-inet x3000 Firmware
Gl-inet x300b
Gl-inet x300b Firmware
Gl-inet x750
Gl-inet x750 Firmware
Gl-inet xe300
Gl-inet xe3000
Gl-inet xe3000 Firmware
Gl-inet xe300 Firmware

Wed, 07 Aug 2024 15:30:00 +0000

Type Values Removed Values Added
First Time appeared Gl-inet
Gl-inet gl-a1300
Gl-inet gl-ap1300
Gl-inet gl-ar300m
Gl-inet gl-ar300m16
Gl-inet gl-ar300n-v2
Gl-inet gl-ar750
Gl-inet gl-ar750s
Gl-inet gl-ax1800
Gl-inet gl-axt1800
Gl-inet gl-b1300
Gl-inet gl-e750
Gl-inet gl-mt1300
Gl-inet gl-mt2500
Gl-inet gl-mt3000
Gl-inet gl-s1300
Gl-inet gl-sft1200
Gl-inet gl-x3000
Gl-inet gl-x300b
Gl-inet gl-x750
Gl-inet gl-xe300
Gl-inet gl-xe3000
Weaknesses CWE-75
CPEs cpe:2.3:a:gl-inet:gl-a1300:4.5.16:*:*:*:*:*:*:*
cpe:2.3:a:gl-inet:gl-ap1300:4.3.13:*:*:*:*:*:*:*
cpe:2.3:a:gl-inet:gl-ar300m16:4.3.11:*:*:*:*:*:*:*
cpe:2.3:a:gl-inet:gl-ar300m:4.3.11:*:*:*:*:*:*:*
cpe:2.3:a:gl-inet:gl-ar300n-v2:4.3.11:*:*:*:*:*:*:*
cpe:2.3:a:gl-inet:gl-ar750:4.3.11:*:*:*:*:*:*:*
cpe:2.3:a:gl-inet:gl-ar750s:4.3.11:*:*:*:*:*:*:*
cpe:2.3:a:gl-inet:gl-ax1800:4.5.16:*:*:*:*:*:*:*
cpe:2.3:a:gl-inet:gl-axt1800:4.5.16:*:*:*:*:*:*:*
cpe:2.3:a:gl-inet:gl-b1300:4.3.11:*:*:*:*:*:*:*
cpe:2.3:a:gl-inet:gl-e750:4.3.12:*:*:*:*:*:*:*
cpe:2.3:a:gl-inet:gl-mt1300:4.3.11:*:*:*:*:*:*:*
cpe:2.3:a:gl-inet:gl-mt2500:4.5.16:*:*:*:*:*:*:*
cpe:2.3:a:gl-inet:gl-mt3000:4.5.16:*:*:*:*:*:*:*
cpe:2.3:a:gl-inet:gl-s1300:4.3.13:*:*:*:*:*:*:*
cpe:2.3:a:gl-inet:gl-sft1200:4.3.11:*:*:*:*:*:*:*
cpe:2.3:a:gl-inet:gl-x3000:4.4:*:*:*:*:*:*:*
cpe:2.3:a:gl-inet:gl-x300b:4.5.16:*:*:*:*:*:*:*
cpe:2.3:a:gl-inet:gl-x750:4.3.11:*:*:*:*:*:*:*
cpe:2.3:a:gl-inet:gl-xe3000:4.4:*:*:*:*:*:*:*
cpe:2.3:a:gl-inet:gl-xe300:4.3.16:*:*:*:*:*:*:*
Vendors & Products Gl-inet
Gl-inet gl-a1300
Gl-inet gl-ap1300
Gl-inet gl-ar300m
Gl-inet gl-ar300m16
Gl-inet gl-ar300n-v2
Gl-inet gl-ar750
Gl-inet gl-ar750s
Gl-inet gl-ax1800
Gl-inet gl-axt1800
Gl-inet gl-b1300
Gl-inet gl-e750
Gl-inet gl-mt1300
Gl-inet gl-mt2500
Gl-inet gl-mt3000
Gl-inet gl-s1300
Gl-inet gl-sft1200
Gl-inet gl-x3000
Gl-inet gl-x300b
Gl-inet gl-x750
Gl-inet gl-xe300
Gl-inet gl-xe3000
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 06 Aug 2024 17:15:00 +0000

Type Values Removed Values Added
Description GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain a shell injection vulnerability via the interface check_ovpn_client_config.
References

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2024-08-06T00:00:00

Updated: 2024-08-15T15:40:35.188511

Reserved: 2024-06-21T00:00:00

Link: CVE-2024-39227

cve-icon Vulnrichment

Updated: 2024-08-07T14:56:19.289Z

cve-icon NVD

Status : Modified

Published: 2024-08-06T17:15:53.943

Modified: 2024-08-15T16:15:19.650

Link: CVE-2024-39227

cve-icon Redhat

No data.