{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2024-39227", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-15T15:40:35.188511", "dateReserved": "2024-06-21T00:00:00", "datePublished": "2024-08-06T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-08-15T15:40:35.188511"}, "descriptions": [{"lang": "en", "value": "GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain insecure permissions in the endpoint /cgi-bin/glc. This vulnerability allows unauthenticated attackers to execute arbitrary code or possibly a directory traversal via crafted JSON data."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Access%20to%20the%20C%20library%20without%20logging%20in.md"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-75", "lang": "en", "description": "CWE-75 Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)"}]}], "affected": [{"vendor": "gl-inet", "product": "gl-mt2500", "cpes": ["cpe:2.3:a:gl-inet:gl-mt2500:4.5.16:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "4.5.16", "status": "affected"}]}, {"vendor": "gl-inet", "product": "gl-axt1800", "cpes": ["cpe:2.3:a:gl-inet:gl-axt1800:4.5.16:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "4.5.16", "status": "affected"}]}, {"vendor": "gl-inet", "product": "gl-ax1800", "cpes": ["cpe:2.3:a:gl-inet:gl-ax1800:4.5.16:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "4.5.16", "status": "affected"}]}, {"vendor": "gl-inet", "product": "gl-a1300", "cpes": ["cpe:2.3:a:gl-inet:gl-a1300:4.5.16:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "4.5.16", "status": "affected"}]}, {"vendor": "gl-inet", "product": "gl-x300b", "cpes": ["cpe:2.3:a:gl-inet:gl-x300b:4.5.16:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "4.5.16", "status": "affected"}]}, {"vendor": "gl-inet", "product": "gl-xe300", "cpes": ["cpe:2.3:a:gl-inet:gl-xe300:4.3.16:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "4.3.16", "status": "affected"}]}, {"vendor": "gl-inet", "product": "gl-e750", "cpes": ["cpe:2.3:a:gl-inet:gl-e750:4.3.12:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "4.3.12", "status": "affected"}]}, {"vendor": "gl-inet", "product": "gl-ap1300", "cpes": ["cpe:2.3:a:gl-inet:gl-ap1300:4.3.13:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "4.3.13", "status": "affected"}]}, {"vendor": "gl-inet", "product": "gl-s1300", "cpes": ["cpe:2.3:a:gl-inet:gl-s1300:4.3.13:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "4.3.13", "status": "affected"}]}, {"vendor": "gl-inet", "product": "gl-xe3000", "cpes": ["cpe:2.3:a:gl-inet:gl-xe3000:4.4:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "4.4", "status": "affected"}]}, {"vendor": "gl-inet", "product": "gl-x3000", "cpes": ["cpe:2.3:a:gl-inet:gl-x3000:4.4:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "4.4", "status": "affected"}]}, {"vendor": "gl-inet", "product": "gl-ar750", "cpes": ["cpe:2.3:a:gl-inet:gl-ar750:4.3.11:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "4.3.11", "status": "affected"}]}, {"vendor": "gl-inet", "product": "gl-ar750s", "cpes": ["cpe:2.3:a:gl-inet:gl-ar750s:4.3.11:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "4.3.11", "status": "affected"}]}, {"vendor": "gl-inet", "product": "gl-ar300m", "cpes": ["cpe:2.3:a:gl-inet:gl-ar300m:4.3.11:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "4.3.11", "status": "affected"}]}, {"vendor": "gl-inet", "product": "gl-ar300m16", "cpes": ["cpe:2.3:a:gl-inet:gl-ar300m16:4.3.11:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "4.3.11", "status": "affected"}]}, {"vendor": "gl-inet", "product": "gl-ar300n-v2", "cpes": ["cpe:2.3:a:gl-inet:gl-ar300n-v2:4.3.11:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "4.3.11", "status": "affected"}]}, {"vendor": "gl-inet", "product": "gl-b1300", "cpes": ["cpe:2.3:a:gl-inet:gl-b1300:4.3.11:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "4.3.11", "status": "affected"}]}, {"vendor": "gl-inet", "product": "gl-mt1300", "cpes": ["cpe:2.3:a:gl-inet:gl-mt1300:4.3.11:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "4.3.11", "status": "affected"}]}, {"vendor": "gl-inet", "product": "gl-sft1200", "cpes": ["cpe:2.3:a:gl-inet:gl-sft1200:4.3.11:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "4.3.11", "status": "affected"}]}, {"vendor": "gl-inet", "product": "gl-x750", "cpes": ["cpe:2.3:a:gl-inet:gl-x750:4.3.11:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "4.3.11", "status": "affected"}]}, {"vendor": "gl-inet", "product": "gl-mt3000", "cpes": ["cpe:2.3:a:gl-inet:gl-mt3000:4.5.16:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "4.5.16", "status": "affected"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-08-07T14:01:03.559592Z", "id": "CVE-2024-39227", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-07T14:56:43.943Z"}}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-39227", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-08-07T14:01:03.559592Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:gl-inet:gl-mt2500:4.5.16:*:*:*:*:*:*:*"], "vendor": "gl-inet", "product": "gl-mt2500", "versions": [{"status": "affected", "version": "4.5.16"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:gl-inet:gl-axt1800:4.5.16:*:*:*:*:*:*:*"], "vendor": "gl-inet", "product": "gl-axt1800", "versions": [{"status": "affected", "version": "4.5.16"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:gl-inet:gl-ax1800:4.5.16:*:*:*:*:*:*:*"], "vendor": "gl-inet", "product": "gl-ax1800", "versions": [{"status": "affected", "version": "4.5.16"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:gl-inet:gl-a1300:4.5.16:*:*:*:*:*:*:*"], "vendor": "gl-inet", "product": "gl-a1300", "versions": [{"status": "affected", "version": "4.5.16"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:gl-inet:gl-x300b:4.5.16:*:*:*:*:*:*:*"], "vendor": "gl-inet", "product": "gl-x300b", "versions": [{"status": "affected", "version": "4.5.16"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:gl-inet:gl-xe300:4.3.16:*:*:*:*:*:*:*"], "vendor": "gl-inet", "product": "gl-xe300", "versions": [{"status": "affected", "version": "4.3.16"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:gl-inet:gl-e750:4.3.12:*:*:*:*:*:*:*"], "vendor": "gl-inet", "product": "gl-e750", "versions": [{"status": "affected", "version": "4.3.12"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:gl-inet:gl-ap1300:4.3.13:*:*:*:*:*:*:*"], "vendor": "gl-inet", "product": "gl-ap1300", "versions": [{"status": "affected", "version": "4.3.13"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:gl-inet:gl-s1300:4.3.13:*:*:*:*:*:*:*"], "vendor": "gl-inet", "product": "gl-s1300", "versions": [{"status": "affected", "version": "4.3.13"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:gl-inet:gl-xe3000:4.4:*:*:*:*:*:*:*"], "vendor": "gl-inet", "product": "gl-xe3000", "versions": [{"status": "affected", "version": "4.4"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:gl-inet:gl-x3000:4.4:*:*:*:*:*:*:*"], "vendor": "gl-inet", "product": "gl-x3000", "versions": [{"status": "affected", "version": "4.4"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:gl-inet:gl-ar750:4.3.11:*:*:*:*:*:*:*"], "vendor": "gl-inet", "product": "gl-ar750", "versions": [{"status": "affected", "version": "4.3.11"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:gl-inet:gl-ar750s:4.3.11:*:*:*:*:*:*:*"], "vendor": "gl-inet", "product": "gl-ar750s", "versions": [{"status": "affected", "version": "4.3.11"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:gl-inet:gl-ar300m:4.3.11:*:*:*:*:*:*:*"], "vendor": "gl-inet", "product": "gl-ar300m", "versions": [{"status": "affected", "version": "4.3.11"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:gl-inet:gl-ar300m16:4.3.11:*:*:*:*:*:*:*"], "vendor": "gl-inet", "product": "gl-ar300m16", "versions": [{"status": "affected", "version": "4.3.11"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:gl-inet:gl-ar300n-v2:4.3.11:*:*:*:*:*:*:*"], "vendor": "gl-inet", "product": "gl-ar300n-v2", "versions": [{"status": "affected", "version": "4.3.11"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:gl-inet:gl-b1300:4.3.11:*:*:*:*:*:*:*"], "vendor": "gl-inet", "product": "gl-b1300", "versions": [{"status": "affected", "version": "4.3.11"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:gl-inet:gl-mt1300:4.3.11:*:*:*:*:*:*:*"], "vendor": "gl-inet", "product": "gl-mt1300", "versions": [{"status": "affected", "version": "4.3.11"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:gl-inet:gl-sft1200:4.3.11:*:*:*:*:*:*:*"], "vendor": "gl-inet", "product": "gl-sft1200", "versions": [{"status": "affected", "version": "4.3.11"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:gl-inet:gl-x750:4.3.11:*:*:*:*:*:*:*"], "vendor": "gl-inet", "product": "gl-x750", "versions": [{"status": "affected", "version": "4.3.11"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:gl-inet:gl-mt3000:4.5.16:*:*:*:*:*:*:*"], "vendor": "gl-inet", "product": "gl-mt3000", "versions": [{"status": "affected", "version": "4.5.16"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-75", "description": "CWE-75 Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-07T14:56:19.289Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Access%20to%20the%20C%20library%20without%20logging%20in.md"}], "descriptions": [{"lang": "en", "value": "GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain insecure permissions in the endpoint /cgi-bin/glc. This vulnerability allows unauthenticated attackers to execute arbitrary code or possibly a directory traversal via crafted JSON data."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-08-15T15:40:35.188511"}}}, "cveMetadata": {"cveId": "CVE-2024-39227", "state": "PUBLISHED", "dateUpdated": "2024-08-15T15:40:35.188511", "dateReserved": "2024-06-21T00:00:00", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2024-08-06T00:00:00", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:gl-inet:mt6000_firmware:4.5.8:*:*:*:*:*:*:*", "matchCriteriaId": "25FB0820-4ABA-4998-86BB-878B17468245", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:gl-inet:mt6000:-:*:*:*:*:*:*:*", "matchCriteriaId": "CCDE99A6-DA15-4E4B-8C60-CCB9D580BD82", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:gl-inet:a1300_firmware:4.5.16:*:*:*:*:*:*:*", "matchCriteriaId": "72ECCE6C-E44B-4165-8FB6-55008C376274", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:gl-inet:a1300:-:*:*:*:*:*:*:*", "matchCriteriaId": "D6DBF472-E98E-4E00-B6A0-6D8FA1678AEA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:gl-inet:x300b_firmware:4.5.16:*:*:*:*:*:*:*", "matchCriteriaId": "FBA22E2A-8C0B-44D4-917F-4A929C266AD3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:gl-inet:x300b:-:*:*:*:*:*:*:*", "matchCriteriaId": "B2AA4BAC-C6D1-42C0-94E9-5B05AC24A235", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:gl-inet:ax1800_firmware:4.5.16:*:*:*:*:*:*:*", "matchCriteriaId": "C75FBC4F-7547-47F4-8577-FA31CF9A95EA", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:gl-inet:ax1800:-:*:*:*:*:*:*:*", "matchCriteriaId": "BCB312FD-370C-4DF9-961F-F0C4920AA368", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:gl-inet:axt1800_firmware:4.5.16:*:*:*:*:*:*:*", "matchCriteriaId": "43114B40-C368-435A-91EC-B4666CC691CB", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:gl-inet:axt1800:-:*:*:*:*:*:*:*", "matchCriteriaId": "FF453954-BC32-4577-8CE4-066812193495", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:gl-inet:mt2500_firmware:4.5.16:*:*:*:*:*:*:*", "matchCriteriaId": "5222AC63-91C6-4B99-8FDD-2CCFD1CA66EF", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:gl-inet:mt2500:-:*:*:*:*:*:*:*", "matchCriteriaId": "3ADF5BF3-0F52-4947-8BC2-3505EDEEDF28", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:gl-inet:mt3000_firmware:4.5.16:*:*:*:*:*:*:*", "matchCriteriaId": "70AC521D-2DE4-4B7F-846D-A945A5EC0931", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:gl-inet:mt3000:-:*:*:*:*:*:*:*", "matchCriteriaId": "AFF2DBFD-2AE0-41BC-B614-9836098119F4", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:gl-inet:x3000_firmware:4.4.8:*:*:*:*:*:*:*", "matchCriteriaId": "95C80395-9A66-4952-8259-89623C5EC065", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:gl-inet:x3000:-:*:*:*:*:*:*:*", "matchCriteriaId": "9479FFAA-9C87-4530-884D-B96055A3D41C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:gl-inet:xe3000_firmware:4.4.8:*:*:*:*:*:*:*", "matchCriteriaId": "1123CE79-1C08-4408-A19A-DC1A4E74DA91", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:gl-inet:xe3000:-:*:*:*:*:*:*:*", "matchCriteriaId": "265EDD5D-B879-4E8A-A6DE-400BC6273A41", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:gl-inet:xe300_firmware:4.3.16:*:*:*:*:*:*:*", "matchCriteriaId": "96241919-0E87-4966-B94F-58DA4DFDA607", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:gl-inet:xe300:-:*:*:*:*:*:*:*", "matchCriteriaId": "57D82B62-F057-42A4-8530-86145AE91AC2", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:gl-inet:e750_firmware:4.3.12:*:*:*:*:*:*:*", "matchCriteriaId": "D99FD7EE-B736-452B-B0F4-B045592023B7", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:gl-inet:e750:-:*:*:*:*:*:*:*", "matchCriteriaId": "2D3590B0-7F4B-49C2-BE77-57AD27A91018", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:gl-inet:x750_firmware:4.3.11:*:*:*:*:*:*:*", "matchCriteriaId": "61925658-3785-4E1C-B1B3-2F88B3F5FE52", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:gl-inet:x750:-:*:*:*:*:*:*:*", "matchCriteriaId": "3D1EDFF0-F67C-4801-815C-309940BD7338", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:gl-inet:sft1200_firmware:4.3.11:*:*:*:*:*:*:*", "matchCriteriaId": "2E77ACF4-385E-48CB-87FC-F631A04ACBE5", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:gl-inet:sft1200:-:*:*:*:*:*:*:*", "matchCriteriaId": "E656351D-E06E-435F-B1E5-34B89FD8B54B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:gl-inet:ar300m_firmware:4.3.11:*:*:*:*:*:*:*", "matchCriteriaId": "6FC51E4D-9784-4264-83BF-CB7DF70087E6", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:gl-inet:ar300m:-:*:*:*:*:*:*:*", "matchCriteriaId": "F040AC86-5D7A-4E57-B272-A425DDDE1698", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:gl-inet:ar300m16_firmware:4.3.11:*:*:*:*:*:*:*", "matchCriteriaId": "FD9AA29E-C1C0-4F18-AB85-DA8285B74EE3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:gl-inet:ar300m16:-:*:*:*:*:*:*:*", "matchCriteriaId": "FA3E349B-C40F-4DE6-B977-CF677B2F9814", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:gl-inet:ar750_firmware:4.3.11:*:*:*:*:*:*:*", "matchCriteriaId": "3C49C8A1-EA3A-4954-95C1-7691EEF6A532", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:gl-inet:ar750:-:*:*:*:*:*:*:*", "matchCriteriaId": "749A6936-392E-430C-ABD3-33D4C5B3D178", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:gl-inet:ar750s_firmware:4.3.11:*:*:*:*:*:*:*", "matchCriteriaId": "E3AC5207-7130-4B6A-A8E3-763050749DFA", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:gl-inet:ar750s:-:*:*:*:*:*:*:*", "matchCriteriaId": "F18E5F1D-55CD-4F6A-A349-90DD27B29955", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:gl-inet:b1300_firmware:4.3.11:*:*:*:*:*:*:*", "matchCriteriaId": "0D132DF3-58FC-4F9B-9518-B668A9564D97", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:gl-inet:b1300:-:*:*:*:*:*:*:*", "matchCriteriaId": "A47EFE3F-D217-469E-BEE6-5D78037C71C3", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:gl-inet:mt1300_firmware:4.3.11:*:*:*:*:*:*:*", "matchCriteriaId": "8E513879-5A56-4B91-913D-7C68B7323B8C", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:gl-inet:mt1300:-:*:*:*:*:*:*:*", "matchCriteriaId": "5CECA41F-E807-4234-8C41-477DE132210E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:gl-inet:mt300n-v2_firmware:4.3.11:*:*:*:*:*:*:*", "matchCriteriaId": "96D4CCC3-BFB2-449D-8947-FDDC722F15F6", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:gl-inet:mt300n-v2:-:*:*:*:*:*:*:*", "matchCriteriaId": "797DD304-0AF8-4E2C-8F72-ADF31B8AD6F4", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:gl-inet:ap1300_firmware:3.217:*:*:*:*:*:*:*", "matchCriteriaId": "24CFCB1B-1AA2-4D05-9545-D8864517F52E", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:gl-inet:ap1300:-:*:*:*:*:*:*:*", "matchCriteriaId": "72D7EFDB-E10E-4D75-ABE2-CC3CE321F584", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:gl-inet:b2200_firmware:3.216:*:*:*:*:*:*:*", "matchCriteriaId": "C725432A-2F3B-46F9-B705-34ECC4299FED", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:gl-inet:b2200:-:*:*:*:*:*:*:*", "matchCriteriaId": "DBB4C645-59AA-4682-A487-C0DB2CF0A4F1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:gl-inet:mv1000_firmware:3.216:*:*:*:*:*:*:*", "matchCriteriaId": "3C1BD239-D370-4F14-A6B2-2C078170ECEB", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:gl-inet:mv1000:-:*:*:*:*:*:*:*", "matchCriteriaId": "0FB8DF06-507E-4933-ABAD-1FB7D70CD3C2", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:gl-inet:mv1000w_firmware:3.216:*:*:*:*:*:*:*", "matchCriteriaId": "C6E3539B-172C-4AF3-AD1E-AED4937F1BB0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:gl-inet:mv1000w:-:*:*:*:*:*:*:*", "matchCriteriaId": "23E9E6FC-346D-4D58-BD4E-84A81722A155", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:gl-inet:usb150_firmware:3.216:*:*:*:*:*:*:*", "matchCriteriaId": "FABD5B0B-9763-4020-8858-1B67FACB125A", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:gl-inet:usb150:-:*:*:*:*:*:*:*", "matchCriteriaId": "DCBDE54D-5475-41A6-8E17-EFF445B3C2F1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:gl-inet:sf1200_firmware:3.216:*:*:*:*:*:*:*", "matchCriteriaId": "0C5D0C75-04DE-4315-9980-E8F31AE6F261", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:gl-inet:sf1200:-:*:*:*:*:*:*:*", "matchCriteriaId": "40F5BAAA-AE8C-41F3-8C41-B0223BDB4314", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:gl-inet:n300_firmware:3.216:*:*:*:*:*:*:*", "matchCriteriaId": "AF760DF0-D192-4FF8-BC24-F9F71EA365F6", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:gl-inet:n300:-:*:*:*:*:*:*:*", "matchCriteriaId": "F805B376-E08F-4D66-A301-59EF92E4082B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:gl-inet:s1300_firmware:3.216:*:*:*:*:*:*:*", "matchCriteriaId": "F83CD9FC-F9BE-4B76-B387-AA2588631780", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:gl-inet:s1300:-:*:*:*:*:*:*:*", "matchCriteriaId": "D8B6BB55-8107-490B-90FD-F7EE3A89C7D9", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain insecure permissions in the endpoint /cgi-bin/glc. This vulnerability allows unauthenticated attackers to execute arbitrary code or possibly a directory traversal via crafted JSON data."}, {"lang": "es", "value": "Productos GL-iNet AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4. 3.16, E750 v4. 3.12, AP1300/S1300 v4.3.13 y XE3000/X3000 v4.4 conten\u00edan una vulnerabilidad de inyecci\u00f3n de shell a trav\u00e9s de la interfaz check_ovpn_client_config."}], "id": "CVE-2024-39227", "lastModified": "2024-08-15T16:15:19.650", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-08-06T17:15:53.943", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Access%20to%20the%20C%20library%20without%20logging%20in.md"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-74"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-75"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}