An issue in GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, XE3000/X3000 v4, and B2200/MV1000/MV1000W/USB150/N300/SF1200 v3.216 allows attackers to intercept communications via a man-in-the-middle attack when DDNS clients are reporting data to the server.
History

Thu, 15 Aug 2024 16:45:00 +0000

Type Values Removed Values Added
References

Mon, 12 Aug 2024 19:15:00 +0000

Type Values Removed Values Added
First Time appeared Gl-inet
Gl-inet a1300
Gl-inet a1300 Firmware
Gl-inet ap1300
Gl-inet ap1300 Firmware
Gl-inet ar300m
Gl-inet ar300m16
Gl-inet ar300m16 Firmware
Gl-inet ar300m Firmware
Gl-inet ar750
Gl-inet ar750 Firmware
Gl-inet ar750s
Gl-inet ar750s Firmware
Gl-inet ax1800
Gl-inet ax1800 Firmware
Gl-inet axt1800
Gl-inet axt1800 Firmware
Gl-inet b1300
Gl-inet b1300 Firmware
Gl-inet b2200
Gl-inet b2200 Firmware
Gl-inet e750
Gl-inet e750 Firmware
Gl-inet mt1300
Gl-inet mt1300 Firmware
Gl-inet mt2500
Gl-inet mt2500 Firmware
Gl-inet mt3000
Gl-inet mt3000 Firmware
Gl-inet mt300n-v2
Gl-inet mt300n-v2 Firmware
Gl-inet mt6000
Gl-inet mt6000 Firmware
Gl-inet mv1000
Gl-inet mv1000 Firmware
Gl-inet mv1000w
Gl-inet mv1000w Firmware
Gl-inet n300
Gl-inet n300 Firmware
Gl-inet s1300
Gl-inet s1300 Firmware
Gl-inet sf1200
Gl-inet sf1200 Firmware
Gl-inet sft1200
Gl-inet sft1200 Firmware
Gl-inet usb150
Gl-inet usb150 Firmware
Gl-inet x3000
Gl-inet x3000 Firmware
Gl-inet x300b
Gl-inet x300b Firmware
Gl-inet x750
Gl-inet x750 Firmware
Gl-inet xe300
Gl-inet xe3000
Gl-inet xe3000 Firmware
Gl-inet xe300 Firmware
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:h:gl-inet:a1300:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:ap1300:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:ar300m16:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:ar300m:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:ar750:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:ar750s:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:ax1800:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:axt1800:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:b1300:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:b2200:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:e750:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:mt1300:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:mt2500:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:mt3000:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:mt300n-v2:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:mt6000:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:mv1000:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:mv1000w:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:n300:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:s1300:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:sf1200:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:sft1200:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:usb150:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:x3000:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:x300b:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:x750:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:xe3000:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:xe300:-:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:a1300_firmware:4.5.16:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:ap1300_firmware:3.217:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:ar300m16_firmware:4.3.11:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:ar300m_firmware:4.3.11:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:ar750_firmware:4.3.11:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:ar750s_firmware:4.3.11:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:ax1800_firmware:4.5.16:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:axt1800_firmware:4.5.16:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:b1300_firmware:4.3.11:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:b2200_firmware:3.216:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:e750_firmware:4.3.12:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:mt1300_firmware:4.3.11:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:mt2500_firmware:4.5.16:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:mt3000_firmware:4.5.16:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:mt300n-v2_firmware:4.3.11:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:mt6000_firmware:4.5.8:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:mv1000_firmware:3.216:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:mv1000w_firmware:3.216:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:n300_firmware:3.216:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:s1300_firmware:3.216:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:sf1200_firmware:3.216:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:sft1200_firmware:4.3.11:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:usb150_firmware:3.216:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:x3000_firmware:4.4.8:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:x300b_firmware:4.5.16:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:x750_firmware:4.3.11:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:xe3000_firmware:4.4.8:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:xe300_firmware:4.3.16:*:*:*:*:*:*:*
Vendors & Products Gl-inet
Gl-inet a1300
Gl-inet a1300 Firmware
Gl-inet ap1300
Gl-inet ap1300 Firmware
Gl-inet ar300m
Gl-inet ar300m16
Gl-inet ar300m16 Firmware
Gl-inet ar300m Firmware
Gl-inet ar750
Gl-inet ar750 Firmware
Gl-inet ar750s
Gl-inet ar750s Firmware
Gl-inet ax1800
Gl-inet ax1800 Firmware
Gl-inet axt1800
Gl-inet axt1800 Firmware
Gl-inet b1300
Gl-inet b1300 Firmware
Gl-inet b2200
Gl-inet b2200 Firmware
Gl-inet e750
Gl-inet e750 Firmware
Gl-inet mt1300
Gl-inet mt1300 Firmware
Gl-inet mt2500
Gl-inet mt2500 Firmware
Gl-inet mt3000
Gl-inet mt3000 Firmware
Gl-inet mt300n-v2
Gl-inet mt300n-v2 Firmware
Gl-inet mt6000
Gl-inet mt6000 Firmware
Gl-inet mv1000
Gl-inet mv1000 Firmware
Gl-inet mv1000w
Gl-inet mv1000w Firmware
Gl-inet n300
Gl-inet n300 Firmware
Gl-inet s1300
Gl-inet s1300 Firmware
Gl-inet sf1200
Gl-inet sf1200 Firmware
Gl-inet sft1200
Gl-inet sft1200 Firmware
Gl-inet usb150
Gl-inet usb150 Firmware
Gl-inet x3000
Gl-inet x3000 Firmware
Gl-inet x300b
Gl-inet x300b Firmware
Gl-inet x750
Gl-inet x750 Firmware
Gl-inet xe300
Gl-inet xe3000
Gl-inet xe3000 Firmware
Gl-inet xe300 Firmware
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N'}


Thu, 08 Aug 2024 16:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 06 Aug 2024 17:00:00 +0000

Type Values Removed Values Added
Description An issue in GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, XE3000/X3000 v4, and B2200/MV1000/MV1000W/USB150/N300/SF1200 v3.216 allows attackers to intercept communications via a man-in-the-middle attack when DDNS clients are reporting data to the server.
References

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2024-08-06T00:00:00

Updated: 2024-08-15T15:34:59.730690

Reserved: 2024-06-21T00:00:00

Link: CVE-2024-39229

cve-icon Vulnrichment

Updated: 2024-08-08T15:38:49.761Z

cve-icon NVD

Status : Modified

Published: 2024-08-06T17:15:54.027

Modified: 2024-08-15T16:15:19.953

Link: CVE-2024-39229

cve-icon Redhat

No data.