    34 vulnerabilities found for ar300m16_firmware by gl-inet

    CVE-2026-26793 (GCVE-0-2026-26793)

    Vulnerability from nvd – Published: 2026-03-12 00:00 – Updated: 2026-03-12 19:14
    Summary
    GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulnerability via the set_config function. This vulnerability allows attackers to execute arbitrary commands via a crafted input.
    SSVC
    Exploitation: poc; Automatable: yes; Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
    Assigner

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-26793",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-12T19:13:33.624963Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-77",
                    "description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-12T19:14:06.654Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulnerability via the set_config function. This vulnerability allows attackers to execute arbitrary commands via a crafted input."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-12T18:40:03.858Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/sezangel/IOT-vul/tree/main/GL-iNet/GL-AR300M16/set_config"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2026-26793",
        "datePublished": "2026-03-12T00:00:00.000Z",
        "dateReserved": "2026-02-16T00:00:00.000Z",
        "dateUpdated": "2026-03-12T19:14:06.654Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-26795 (GCVE-0-2026-26795)

    Vulnerability from nvd – Published: 2026-03-12 00:00 – Updated: 2026-03-14 03:30
    Summary
    GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulnerability via the module parameter in the M.get_system_log function. This vulnerability allows attackers to execute arbitrary commands via a crafted input.
    SSVC
    Exploitation: none; Automatable: yes; Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
    Assigner

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-26795",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-14T03:29:30.472602Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-77",
                    "description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-14T03:30:31.005Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulnerability via the module parameter in the M.get_system_log function. This vulnerability allows attackers to execute arbitrary commands via a crafted input."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-12T18:00:16.936Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/sezangel/IOT-vul/tree/main/GL-iNet/GL-AR300M16/logread--get_system_log"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2026-26795",
        "datePublished": "2026-03-12T00:00:00.000Z",
        "dateReserved": "2026-02-16T00:00:00.000Z",
        "dateUpdated": "2026-03-14T03:30:31.005Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-26794 (GCVE-0-2026-26794)

    Vulnerability from nvd – Published: 2026-03-12 00:00 – Updated: 2026-03-14 03:28
    Summary
    GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a SQL injection vulnerability via the add_group() function. This vulnerability allows attackers to execute arbitrary SQL database operations via a crafted HTTP request.
    SSVC
    Exploitation: none; Automatable: no; Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-26794",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-14T03:27:50.306582Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-89",
                    "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-14T03:28:33.618Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a SQL injection vulnerability via the add_group() function. This vulnerability allows attackers to execute arbitrary SQL database operations via a crafted HTTP request."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-12T18:09:37.700Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/sezangel/IOT-vul/tree/main/GL-iNet/GL-AR300M16/acl--add_group"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2026-26794",
        "datePublished": "2026-03-12T00:00:00.000Z",
        "dateReserved": "2026-02-16T00:00:00.000Z",
        "dateUpdated": "2026-03-14T03:28:33.618Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-26792 (GCVE-0-2026-26792)

    Vulnerability from nvd – Published: 2026-03-12 00:00 – Updated: 2026-03-14 03:26
    Summary
    GL-iNet GL-AR300M16 v4.3.11 was discovered to contain multiple command injection vulnerabilities in the set_upgrade function via the modem_url, target_version, current_version, firmware_upload, hash_type, hash_value, and upgrade_type parameters. These vulnerabilities allow attackers to execute arbitrary commands via a crafted input.
    SSVC
    Exploitation: none; Automatable: yes; Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
    Assigner

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-26792",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-14T03:25:25.041587Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-77",
                    "description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-14T03:26:25.162Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "GL-iNet GL-AR300M16 v4.3.11 was discovered to contain multiple command injection vulnerabilities in the set_upgrade function via the modem_url, target_version, current_version, firmware_upload, hash_type, hash_value, and upgrade_type parameters. These vulnerabilities allow attackers to execute arbitrary commands via a crafted input."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-12T18:06:13.785Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/sezangel/IOT-vul/tree/main/GL-iNet/GL-AR300M16/set_upgrade"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2026-26792",
        "datePublished": "2026-03-12T00:00:00.000Z",
        "dateReserved": "2026-02-16T00:00:00.000Z",
        "dateUpdated": "2026-03-14T03:26:25.162Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-26791 (GCVE-0-2026-26791)

    Vulnerability from nvd – Published: 2026-03-12 00:00 – Updated: 2026-03-14 03:23
    Summary
    GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulnerability via the string port parameter in the enable_echo_server function. This vulnerability allows attackers to execute arbitrary commands via a crafted input.
    SSVC
    Exploitation: none; Automatable: yes; Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
    Assigner

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-26791",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-14T03:22:11.679660Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-77",
                    "description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-14T03:23:33.407Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulnerability via the string port parameter in the enable_echo_server function. This vulnerability allows attackers to execute arbitrary commands via a crafted input."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-12T18:01:15.727Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/sezangel/IOT-vul/tree/main/GL-iNet/GL-AR300M16/enable_echo_server"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2026-26791",
        "datePublished": "2026-03-12T00:00:00.000Z",
        "dateReserved": "2026-02-16T00:00:00.000Z",
        "dateUpdated": "2026-03-14T03:23:33.407Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-45263 (GCVE-0-2024-45263)

    Vulnerability from nvd – Published: 2024-10-24 00:00 – Updated: 2024-10-28 18:52
    Summary
    An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. The upload interface allows the uploading of arbitrary files to the device. Once the device executes the files, it can lead to information leakage, enabling complete control.
    SSVC
    Exploitation: none; Automatable: no; Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-434 - Unrestricted Upload of File with Dangerous Type
    Assigner
    Impacted products
    Vendor Product Version
    gl-inet gl-b3000_firmware Affected: 4.5.18 , < 4.5.19 (custom)
        cpe:2.3:o:gl-inet:gl-b3000_firmware:*:*:*:*:*:*:*:*
    gl-inet gl-mt6000_firmware Affected: 4.6.2 , < 4.6.4 (custom)
        cpe:2.3:o:gl-inet:gl-ax1800_firmware:*:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-axt1800_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-mt2500_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-mt3000_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-mt6000_firmware:*:*:*:*:*:*:*:*
    gl-inet gl-x300b_firmware Affected: 4.5.17 , < 4.5.18 (custom)
        cpe:2.3:o:gl-inet:gl-a1300_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-x300b_firmware:-:*:*:*:*:*:*:*
    gl-inet gl-xe300_firmware Affected: 4.4.9 , < 4.4.10 (custom)
        cpe:2.3:o:gl-inet:gl-x3000_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-xe300_firmware:-:*:*:*:*:*:*:*
    gl-inet gl-x750_firmware Affected: 4.3.18 , < 4.3.19 (custom)
        cpe:2.3:o:gl-inet:gl-mt1300_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-sft1200_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-x750_firmware:-:*:*:*:*:*:*:*
    gl-inet gl-xe300_firmware Affected: 4.3.17 , < 4.3.18 (custom)
        cpe:2.3:o:gl-inet:gl-ar300m16_firmware:*:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-ar750_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-ar300m_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-ar750s_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-b1300_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-e750_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-mt300n-v2_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-xe300_firmware:-:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:gl-b3000_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-b3000_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "lessThan": "4.5.19",
                    "status": "affected",
                    "version": "4.5.18",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:gl-ax1800_firmware:*:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-axt1800_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-mt2500_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-mt3000_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-mt6000_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-mt6000_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "lessThan": "4.6.4",
                    "status": "affected",
                    "version": "4.6.2",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:gl-a1300_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-x300b_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-x300b_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "lessThan": "4.5.18",
                    "status": "affected",
                    "version": "4.5.17",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:gl-x3000_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-xe300_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-xe300_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "lessThan": "4.4.10",
                    "status": "affected",
                    "version": "4.4.9",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:gl-mt1300_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-sft1200_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-x750_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-x750_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "lessThan": "4.3.19",
                    "status": "affected",
                    "version": "4.3.18",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:gl-ar300m16_firmware:*:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-ar750_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-ar300m_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-ar750s_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-b1300_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-e750_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-mt300n-v2_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-xe300_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-xe300_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "lessThan": "4.3.18",
                    "status": "affected",
                    "version": "4.3.17",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "ADJACENT_NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-45263",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-28T18:34:32.730872Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-434",
                    "description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-28T18:52:30.245Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. The upload interface allows the uploading of arbitrary files to the device. Once the device executes the files, it can lead to information leakage, enabling complete control."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-24T20:21:28.712Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Arbitrary%20File%20Upload%20to%20ovpn_upload%20via%20Upload%20Interface.md"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2024-45263",
        "datePublished": "2024-10-24T00:00:00.000Z",
        "dateReserved": "2024-08-25T00:00:00.000Z",
        "dateUpdated": "2024-10-28T18:52:30.245Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-45262 (GCVE-0-2024-45262)

    Vulnerability from nvd – Published: 2024-10-24 00:00 – Updated: 2024-10-28 19:22
    VLAI
    Summary
    An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. The params parameter in the call method of the /rpc endpoint is vulnerable to arbitrary directory traversal, which enables attackers to execute scripts under any path.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    Impacted products
    Vendor Product Version
    gl-inet gl-b3000_firmware Affected: 4.5.18 , < 4.5.19 (custom)
        cpe:2.3:o:gl-inet:gl-b3000_firmware:*:*:*:*:*:*:*:*
    gl-inet gl-mt6000_firmware Affected: 4.6.2 , < 4.6.4 (custom)
        cpe:2.3:o:gl-inet:gl-ax1800_firmware:*:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-axt1800_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-mt2500_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-mt3000_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-mt6000_firmware:*:*:*:*:*:*:*:*
    gl-inet gl-x300b_firmware Affected: 4.5.17 , < 4.5.18 (custom)
        cpe:2.3:o:gl-inet:gl-a1300_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-x300b_firmware:-:*:*:*:*:*:*:*
    gl-inet gl-xe300_firmware Affected: 4.4.9 , < 4.4.10 (custom)
        cpe:2.3:o:gl-inet:gl-x3000_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-xe300_firmware:-:*:*:*:*:*:*:*
    gl-inet gl-x750_firmware Affected: 4.3.18 , < 4.3.19 (custom)
        cpe:2.3:o:gl-inet:gl-mt1300_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-sft1200_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-x750_firmware:-:*:*:*:*:*:*:*
    gl-inet gl-xe300_firmware Affected: 4.3.17 , < 4.3.18 (custom)
        cpe:2.3:o:gl-inet:gl-ar300m16_firmware:*:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-ar750_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-ar300m_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-ar750s_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-b1300_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-e750_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-mt300n-v2_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-xe300_firmware:-:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:gl-b3000_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-b3000_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "lessThan": "4.5.19",
                    "status": "affected",
                    "version": "4.5.18",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:gl-ax1800_firmware:*:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-axt1800_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-mt2500_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-mt3000_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-mt6000_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-mt6000_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "lessThan": "4.6.4",
                    "status": "affected",
                    "version": "4.6.2",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:gl-a1300_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-x300b_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-x300b_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "lessThan": "4.5.18",
                    "status": "affected",
                    "version": "4.5.17",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:gl-x3000_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-xe300_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-xe300_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "lessThan": "4.4.10",
                    "status": "affected",
                    "version": "4.4.9",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:gl-mt1300_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-sft1200_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-x750_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-x750_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "lessThan": "4.3.19",
                    "status": "affected",
                    "version": "4.3.18",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:gl-ar300m16_firmware:*:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-ar750_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-ar300m_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-ar750s_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-b1300_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-e750_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-mt300n-v2_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-xe300_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-xe300_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "lessThan": "4.3.18",
                    "status": "affected",
                    "version": "4.3.17",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "ADJACENT_NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-45262",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-28T19:21:47.832625Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-22",
                    "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-28T19:22:25.505Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. The params parameter in the call method of the /rpc endpoint is vulnerable to arbitrary directory traversal, which enables attackers to execute scripts under any path."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-24T20:19:54.001Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Improper%20Pathname%20Restriction%20Leading%20to%20Path%20Traversal%20in%20Restricted%20Directories.md"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2024-45262",
        "datePublished": "2024-10-24T00:00:00.000Z",
        "dateReserved": "2024-08-25T00:00:00.000Z",
        "dateUpdated": "2024-10-28T19:22:25.505Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-45261 (GCVE-0-2024-45261)

    Vulnerability from nvd – Published: 2024-10-24 00:00 – Updated: 2024-10-28 19:19
    VLAI
    Summary
    An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. The SID generated for a specific user is not tied to that user itself, which allows other users to potentially use it for authentication. Once an attacker bypasses the application's authentication procedures, they can generate a valid SID, escalate privileges, and gain full control.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-863 - Incorrect Authorization
    Assigner
    Impacted products
    Vendor Product Version
    gl-inet gl-b3000_firmware Affected: 4.5.18 , < 4.5.19 (custom)
        cpe:2.3:o:gl-inet:gl-b3000_firmware:*:*:*:*:*:*:*:*
    gl-inet gl-mt6000_firmware Affected: 4.6.2 , < 4.6.4 (custom)
        cpe:2.3:o:gl-inet:gl-ax1800_firmware:*:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-axt1800_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-mt2500_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-mt3000_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-mt6000_firmware:*:*:*:*:*:*:*:*
    gl-inet gl-x300b_firmware Affected: 4.5.17 , < 4.5.18 (custom)
        cpe:2.3:o:gl-inet:gl-a1300_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-x300b_firmware:-:*:*:*:*:*:*:*
    gl-inet gl-xe300_firmware Affected: 4.4.9 , < 4.4.10 (custom)
        cpe:2.3:o:gl-inet:gl-x3000_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-xe300_firmware:-:*:*:*:*:*:*:*
    gl-inet gl-x750_firmware Affected: 4.3.18 , < 4.3.19 (custom)
        cpe:2.3:o:gl-inet:gl-mt1300_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-sft1200_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-x750_firmware:-:*:*:*:*:*:*:*
    gl-inet gl-xe300_firmware Affected: 4.3.17 , < 4.3.18 (custom)
        cpe:2.3:o:gl-inet:gl-ar300m16_firmware:*:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-ar750_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-ar300m_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-ar750s_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-b1300_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-e750_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-mt300n-v2_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-xe300_firmware:-:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:gl-b3000_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-b3000_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "lessThan": "4.5.19",
                    "status": "affected",
                    "version": "4.5.18",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:gl-ax1800_firmware:*:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-axt1800_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-mt2500_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-mt3000_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-mt6000_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-mt6000_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "lessThan": "4.6.4",
                    "status": "affected",
                    "version": "4.6.2",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:gl-a1300_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-x300b_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-x300b_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "lessThan": "4.5.18",
                    "status": "affected",
                    "version": "4.5.17",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:gl-x3000_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-xe300_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-xe300_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "lessThan": "4.4.10",
                    "status": "affected",
                    "version": "4.4.9",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:gl-mt1300_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-sft1200_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-x750_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-x750_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "lessThan": "4.3.19",
                    "status": "affected",
                    "version": "4.3.18",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:gl-ar300m16_firmware:*:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-ar750_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-ar300m_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-ar750s_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-b1300_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-e750_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-mt300n-v2_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-xe300_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-xe300_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "lessThan": "4.3.18",
                    "status": "affected",
                    "version": "4.3.17",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "ADJACENT_NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-45261",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-28T19:12:05.989024Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-863",
                    "description": "CWE-863 Incorrect Authorization",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-28T19:19:59.290Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. The SID generated for a specific user is not tied to that user itself, which allows other users to potentially use it for authentication. Once an attacker bypasses the application\u0027s authentication procedures, they can generate a valid SID, escalate privileges, and gain full control."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-24T20:18:25.796Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Bypassing%20Login%20Mechanism%20with%20Passwordless%20User%20Login.md"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2024-45261",
        "datePublished": "2024-10-24T00:00:00.000Z",
        "dateReserved": "2024-08-25T00:00:00.000Z",
        "dateUpdated": "2024-10-28T19:19:59.290Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-45260 (GCVE-0-2024-45260)

    Vulnerability from nvd – Published: 2024-10-24 00:00 – Updated: 2024-10-28 19:27
    VLAI
    Summary
    An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. Users who belong to unauthorized groups can invoke any interface of the device, thereby gaining complete control over it.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-863 - Incorrect Authorization
    Assigner
    Impacted products
    Vendor Product Version
    gl-inet gl-b3000_firmware Affected: 4.5.18 , < 4.5.19 (custom)
        cpe:2.3:o:gl-inet:gl-b3000_firmware:*:*:*:*:*:*:*:*
    gl-inet gl-mt6000_firmware Affected: 4.6.2 , < 4.6.4 (custom)
        cpe:2.3:o:gl-inet:gl-ax1800_firmware:*:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-axt1800_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-mt2500_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-mt3000_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-mt6000_firmware:*:*:*:*:*:*:*:*
    gl-inet gl-x300b_firmware Affected: 4.5.17 , < 4.5.18 (custom)
        cpe:2.3:o:gl-inet:gl-a1300_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-x300b_firmware:-:*:*:*:*:*:*:*
    gl-inet gl-xe300_firmware Affected: 4.4.9 , < 4.4.10 (custom)
        cpe:2.3:o:gl-inet:gl-x3000_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-xe300_firmware:-:*:*:*:*:*:*:*
    gl-inet gl-x750_firmware Affected: 4.3.18 , < 4.3.19 (custom)
        cpe:2.3:o:gl-inet:gl-mt1300_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-sft1200_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-x750_firmware:-:*:*:*:*:*:*:*
    gl-inet gl-xe300_firmware Affected: 4.3.17 , < 4.3.18 (custom)
        cpe:2.3:o:gl-inet:gl-ar300m16_firmware:*:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-ar750_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-ar300m_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-ar750s_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-b1300_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-e750_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-mt300n-v2_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-xe300_firmware:-:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:gl-b3000_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-b3000_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "lessThan": "4.5.19",
                    "status": "affected",
                    "version": "4.5.18",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:gl-ax1800_firmware:*:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-axt1800_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-mt2500_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-mt3000_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-mt6000_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-mt6000_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "lessThan": "4.6.4",
                    "status": "affected",
                    "version": "4.6.2",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:gl-a1300_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-x300b_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-x300b_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "lessThan": "4.5.18",
                    "status": "affected",
                    "version": "4.5.17",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:gl-x3000_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-xe300_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-xe300_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "lessThan": "4.4.10",
                    "status": "affected",
                    "version": "4.4.9",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:gl-mt1300_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-sft1200_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-x750_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-x750_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "lessThan": "4.3.19",
                    "status": "affected",
                    "version": "4.3.18",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:gl-ar300m16_firmware:*:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-ar750_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-ar300m_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-ar750s_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-b1300_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-e750_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-mt300n-v2_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-xe300_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-xe300_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "lessThan": "4.3.18",
                    "status": "affected",
                    "version": "4.3.17",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "ADJACENT_NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-45260",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-28T19:24:33.863289Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-863",
                    "description": "CWE-863 Incorrect Authorization",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-28T19:27:01.398Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. Users who belong to unauthorized groups can invoke any interface of the device, thereby gaining complete control over it."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-24T20:11:10.715Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Unauthorized%20Access%20to%20File%20Download%20and%20Upload%20Interfaces.md"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2024-45260",
        "datePublished": "2024-10-24T00:00:00.000Z",
        "dateReserved": "2024-08-25T00:00:00.000Z",
        "dateUpdated": "2024-10-28T19:27:01.398Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-45259 (GCVE-0-2024-45259)

    Vulnerability from nvd – Published: 2024-10-24 00:00 – Updated: 2024-10-28 19:38
    VLAI
    Summary
    An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. By intercepting an HTTP request and changing the filename property in the download interface, any file on the device can be deleted.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
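    • CWE-326 - Inadequate Encryption Strength (assigned by the CISA ADP enrichment; it does not match the arbitrary file deletion described in the summary, so do not rely on this CWE alone when triaging or filtering)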
    Assigner
    Impacted products
    Vendor Product Version
    gl-inet gl-b3000_firmware Affected: 4.5.18 , < 4.5.19 (custom)
        cpe:2.3:o:gl-inet:gl-b3000_firmware:*:*:*:*:*:*:*:*
    gl-inet gl-mt6000_firmware Affected: 4.6.2 , < 4.6.4 (custom)
        cpe:2.3:o:gl-inet:gl-ax1800_firmware:*:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-axt1800_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-mt2500_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-mt3000_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-mt6000_firmware:*:*:*:*:*:*:*:*
    gl-inet gl-x300b_firmware Affected: 4.5.17 , < 4.5.18 (custom)
        cpe:2.3:o:gl-inet:gl-a1300_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-x300b_firmware:-:*:*:*:*:*:*:*
    gl-inet gl-xe300_firmware Affected: 4.4.9 , < 4.4.10 (custom)
        cpe:2.3:o:gl-inet:gl-x3000_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-xe300_firmware:-:*:*:*:*:*:*:*
    gl-inet gl-x750_firmware Affected: 4.3.18 , < 4.3.19 (custom)
        cpe:2.3:o:gl-inet:gl-mt1300_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-sft1200_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-x750_firmware:-:*:*:*:*:*:*:*
    gl-inet gl-xe300_firmware Affected: 4.3.17 , < 4.3.18 (custom)
        cpe:2.3:o:gl-inet:gl-ar300m16_firmware:*:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-ar750_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-ar300m_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-ar750s_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-b1300_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-e750_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-mt300n-v2_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-xe300_firmware:-:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:gl-b3000_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-b3000_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "lessThan": "4.5.19",
                    "status": "affected",
                    "version": "4.5.18",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:gl-ax1800_firmware:*:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-axt1800_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-mt2500_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-mt3000_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-mt6000_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-mt6000_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "lessThan": "4.6.4",
                    "status": "affected",
                    "version": "4.6.2",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:gl-a1300_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-x300b_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-x300b_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "lessThan": "4.5.18",
                    "status": "affected",
                    "version": "4.5.17",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:gl-x3000_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-xe300_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-xe300_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "lessThan": "4.4.10",
                    "status": "affected",
                    "version": "4.4.9",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:gl-mt1300_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-sft1200_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-x750_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-x750_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "lessThan": "4.3.19",
                    "status": "affected",
                    "version": "4.3.18",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:gl-ar300m16_firmware:*:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-ar750_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-ar300m_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-ar750s_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-b1300_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-e750_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-mt300n-v2_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-xe300_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-xe300_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "lessThan": "4.3.18",
                    "status": "affected",
                    "version": "4.3.17",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "ADJACENT_NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 6.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-45259",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-28T19:31:51.013958Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-326",
                    "description": "CWE-326 Inadequate Encryption Strength",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-28T19:38:53.728Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. By intercepting an HTTP request and changing the filename property in the download interface, any file on the device can be deleted."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-24T20:09:41.653Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Delete%20Any%20File%20via%20Download%20Interface.md"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2024-45259",
        "datePublished": "2024-10-24T00:00:00.000Z",
        "dateReserved": "2024-08-25T00:00:00.000Z",
        "dateUpdated": "2024-10-28T19:38:53.728Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-28077 (GCVE-0-2024-28077)

    Vulnerability from nvd – Published: 2024-08-26 00:00 – Updated: 2025-03-14 13:12
    VLAI
    Summary
    A denial-of-service issue was discovered on certain GL-iNet devices. Some websites can detect devices exposed to the external network through DDNS, and consequently obtain the IP addresses and ports of devices that are exposed. By using special usernames and special characters (such as half parentheses or square brackets), one can call the login interface and cause the session-management program to crash, resulting in customers being unable to log into their devices. This affects MT6000 4.5.6, XE3000 4.4.5, X3000 4.4.6, MT3000 4.5.0, MT2500 4.5.0, AXT1800 4.5.0, AX1800 4.5.0, A1300 4.5.0, S200 4.1.4-0300, X750 4.3.7, SFT1200 4.3.7, MT1300 4.3.10, AR750 4.3.10, AR750S 4.3.10, AR300M 4.3.10, AR300M16 4.3.10, B1300 4.3.10, MT300N-V2 4.3.10, and XE300 4.3.16.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-28077",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-14T13:06:19.124374Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "description": "CWE-noinfo Not enough information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-14T13:12:01.317Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A denial-of-service issue was discovered on certain GL-iNet devices. Some websites can detect devices exposed to the external network through DDNS, and consequently obtain the IP addresses and ports of devices that are exposed. By using special usernames and special characters (such as half parentheses or square brackets), one can call the login interface and cause the session-management program to crash, resulting in customers being unable to log into their devices. This affects MT6000 4.5.6, XE3000 4.4.5, X3000 4.4.6, MT3000 4.5.0, MT2500 4.5.0, AXT1800 4.5.0, AX1800 4.5.0, A1300 4.5.0, S200 4.1.4-0300, X750 4.3.7, SFT1200 4.3.7, MT1300 4.3.10, AR750 4.3.10, AR750S 4.3.10, AR300M 4.3.10, AR300M16 4.3.10, B1300 4.3.10, MT300N-V2 4.3.10, and XE300 4.3.16."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-26T19:29:58.213Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://gl-inet.com"
            },
            {
              "url": "https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Denial%20of%20service.md"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2024-28077",
        "datePublished": "2024-08-26T00:00:00.000Z",
        "dateReserved": "2024-03-03T00:00:00.000Z",
        "dateUpdated": "2025-03-14T13:12:01.317Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-39229 (GCVE-0-2024-39229)

    Vulnerability from nvd – Published: 2024-08-06 00:00 – Updated: 2024-11-21 18:43
    VLAI
    Summary
    An issue in GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, XE3000/X3000 v4, and B2200/MV1000/MV1000W/USB150/N300/SF1200 v3.216 allows attackers to intercept communications via a man-in-the-middle attack when DDNS clients are reporting data to the server.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-924 - Improper Enforcement of Message Integrity During Transmission in a Communication Channel
    Assigner

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 6.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-39229",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-08T15:41:13.508119Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-924",
                    "description": "CWE-924 Improper Enforcement of Message Integrity During Transmission in a Communication Channel",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-21T18:43:08.245Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue in GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, XE3000/X3000 v4, and B2200/MV1000/MV1000W/USB150/N300/SF1200 v3.216 allows attackers to intercept communications via a man-in-the-middle attack when DDNS clients are reporting data to the server."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-15T15:34:59.730Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/DDNS%20data%20is%20not%20encrypted.md"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2024-39229",
        "datePublished": "2024-08-06T00:00:00.000Z",
        "dateReserved": "2024-06-21T00:00:00.000Z",
        "dateUpdated": "2024-11-21T18:43:08.245Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-39227 (GCVE-0-2024-39227)

    Vulnerability from nvd – Published: 2024-08-06 00:00 – Updated: 2024-08-15 15:40
    VLAI
    Summary
    GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain insecure permissions in the endpoint /cgi-bin/glc. This vulnerability allows unauthenticated attackers to execute arbitrary code, or possibly to perform a directory traversal, via crafted JSON data.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-75 - Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)
    Assigner
    Impacted products
    Vendor Product Version
    gl-inet gl-mt2500 Affected: 4.5.16
        cpe:2.3:a:gl-inet:gl-mt2500:4.5.16:*:*:*:*:*:*:*
    gl-inet gl-axt1800 Affected: 4.5.16
        cpe:2.3:a:gl-inet:gl-axt1800:4.5.16:*:*:*:*:*:*:*
    gl-inet gl-ax1800 Affected: 4.5.16
        cpe:2.3:a:gl-inet:gl-ax1800:4.5.16:*:*:*:*:*:*:*
    gl-inet gl-a1300 Affected: 4.5.16
        cpe:2.3:a:gl-inet:gl-a1300:4.5.16:*:*:*:*:*:*:*
    gl-inet gl-x300b Affected: 4.5.16
        cpe:2.3:a:gl-inet:gl-x300b:4.5.16:*:*:*:*:*:*:*
    gl-inet gl-xe300 Affected: 4.3.16
        cpe:2.3:a:gl-inet:gl-xe300:4.3.16:*:*:*:*:*:*:*
    gl-inet gl-e750 Affected: 4.3.12
        cpe:2.3:a:gl-inet:gl-e750:4.3.12:*:*:*:*:*:*:*
    gl-inet gl-ap1300 Affected: 4.3.13
        cpe:2.3:a:gl-inet:gl-ap1300:4.3.13:*:*:*:*:*:*:*
    gl-inet gl-s1300 Affected: 4.3.13
        cpe:2.3:a:gl-inet:gl-s1300:4.3.13:*:*:*:*:*:*:*
    gl-inet gl-xe3000 Affected: 4.4
        cpe:2.3:a:gl-inet:gl-xe3000:4.4:*:*:*:*:*:*:*
    gl-inet gl-x3000 Affected: 4.4
        cpe:2.3:a:gl-inet:gl-x3000:4.4:*:*:*:*:*:*:*
    gl-inet gl-ar750 Affected: 4.3.11
        cpe:2.3:a:gl-inet:gl-ar750:4.3.11:*:*:*:*:*:*:*
    gl-inet gl-ar750s Affected: 4.3.11
        cpe:2.3:a:gl-inet:gl-ar750s:4.3.11:*:*:*:*:*:*:*
    gl-inet gl-ar300m Affected: 4.3.11
        cpe:2.3:a:gl-inet:gl-ar300m:4.3.11:*:*:*:*:*:*:*
    gl-inet gl-ar300m16 Affected: 4.3.11
        cpe:2.3:a:gl-inet:gl-ar300m16:4.3.11:*:*:*:*:*:*:*
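    gl-inet gl-ar300n-v2 Affected: 4.3.11 (the summary names MT300N-V2 and no gl-mt300n-v2 entry is listed, so this product name is presumably a typo in the enrichment data; CPE-based matching for MT300N-V2 may miss this record)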
        cpe:2.3:a:gl-inet:gl-ar300n-v2:4.3.11:*:*:*:*:*:*:*
    gl-inet gl-b1300 Affected: 4.3.11
        cpe:2.3:a:gl-inet:gl-b1300:4.3.11:*:*:*:*:*:*:*
    gl-inet gl-mt1300 Affected: 4.3.11
        cpe:2.3:a:gl-inet:gl-mt1300:4.3.11:*:*:*:*:*:*:*
    gl-inet gl-sft1200 Affected: 4.3.11
        cpe:2.3:a:gl-inet:gl-sft1200:4.3.11:*:*:*:*:*:*:*
    gl-inet gl-x750 Affected: 4.3.11
        cpe:2.3:a:gl-inet:gl-x750:4.3.11:*:*:*:*:*:*:*
    gl-inet gl-mt3000 Affected: 4.5.16
        cpe:2.3:a:gl-inet:gl-mt3000:4.5.16:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:gl-inet:gl-mt2500:4.5.16:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-mt2500",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.5.16"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:gl-inet:gl-axt1800:4.5.16:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-axt1800",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.5.16"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:gl-inet:gl-ax1800:4.5.16:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-ax1800",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.5.16"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:gl-inet:gl-a1300:4.5.16:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-a1300",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.5.16"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:gl-inet:gl-x300b:4.5.16:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-x300b",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.5.16"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:gl-inet:gl-xe300:4.3.16:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-xe300",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.3.16"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:gl-inet:gl-e750:4.3.12:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-e750",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.3.12"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:gl-inet:gl-ap1300:4.3.13:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-ap1300",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.3.13"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:gl-inet:gl-s1300:4.3.13:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-s1300",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.3.13"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:gl-inet:gl-xe3000:4.4:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-xe3000",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.4"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:gl-inet:gl-x3000:4.4:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-x3000",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.4"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:gl-inet:gl-ar750:4.3.11:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-ar750",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.3.11"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:gl-inet:gl-ar750s:4.3.11:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-ar750s",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.3.11"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:gl-inet:gl-ar300m:4.3.11:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-ar300m",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.3.11"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:gl-inet:gl-ar300m16:4.3.11:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-ar300m16",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.3.11"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:gl-inet:gl-ar300n-v2:4.3.11:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-ar300n-v2",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.3.11"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:gl-inet:gl-b1300:4.3.11:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-b1300",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.3.11"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:gl-inet:gl-mt1300:4.3.11:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-mt1300",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.3.11"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:gl-inet:gl-sft1200:4.3.11:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-sft1200",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.3.11"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:gl-inet:gl-x750:4.3.11:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-x750",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.3.11"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:gl-inet:gl-mt3000:4.5.16:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-mt3000",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.5.16"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-39227",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-07T14:01:03.559592Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-75",
                    "description": "CWE-75 Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-07T14:56:43.943Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain insecure permissions in the endpoint /cgi-bin/glc. This vulnerability allows unauthenticated attackers to execute arbitrary code or possibly a directory traversal via crafted JSON data."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-15T15:40:35.188Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Access%20to%20the%20C%20library%20without%20logging%20in.md"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2024-39227",
        "datePublished": "2024-08-06T00:00:00.000Z",
        "dateReserved": "2024-06-21T00:00:00.000Z",
        "dateUpdated": "2024-08-15T15:40:35.188Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-39228 (GCVE-0-2024-39228)

    Vulnerability from nvd – Published: 2024-08-06 00:00 – Updated: 2024-08-15 15:36
    VLAI
    Summary
    GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain a shell injection vulnerability via the check_ovpn_client_config and check_config interfaces.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    gl-inet x750_firmware Affected: 4.3.11
        cpe:2.3:o:gl-inet:x750_firmware:4.3.11:*:*:*:*:*:*:*
    gl-inet sft1200_firmware Affected: 4.3.11
        cpe:2.3:o:gl-inet:sft1200_firmware:4.3.11:*:*:*:*:*:*:*
    gl-inet ar300m_firmware Affected: 4.3.11
        cpe:2.3:o:gl-inet:ar300m_firmware:4.3.11:*:*:*:*:*:*:*
    gl-inet ar300m16_firmware Affected: 4.3.11
        cpe:2.3:o:gl-inet:ar300m16_firmware:4.3.11:*:*:*:*:*:*:*
    gl-inet ar750_firmware Affected: 4.3.11
        cpe:2.3:o:gl-inet:ar750_firmware:4.3.11:*:*:*:*:*:*:*
    gl-inet ar750s_firmware Affected: 4.3.11
        cpe:2.3:o:gl-inet:ar750s_firmware:4.3.11:*:*:*:*:*:*:*
    gl-inet b1300_firmware Affected: 4.3.11
        cpe:2.3:o:gl-inet:b1300_firmware:4.3.11:*:*:*:*:*:*:*
    gl-inet mt1300_firmware Affected: 4.3.11
        cpe:2.3:o:gl-inet:mt1300_firmware:4.3.11:*:*:*:*:*:*:*
    gl-inet mt300n-v2_firmware Affected: 4.3.11
        cpe:2.3:o:gl-inet:mt300n-v2_firmware:4.3.11:*:*:*:*:*:*:*
    gl-inet ap1300_firmware Affected: 3.217
        cpe:2.3:o:gl-inet:ap1300_firmware:3.217:*:*:*:*:*:*:*
    gl-inet b2200_firmware Affected: 3.216
        cpe:2.3:o:gl-inet:b2200_firmware:3.216:*:*:*:*:*:*:*
    gl-inet mv1000_firmware Affected: 3.216
        cpe:2.3:o:gl-inet:mv1000_firmware:3.216:*:*:*:*:*:*:*
    gl-inet mv1000w_firmware Affected: 3.216
        cpe:2.3:o:gl-inet:mv1000w_firmware:3.216:*:*:*:*:*:*:*
    gl-inet usb150_firmware Affected: 3.216
        cpe:2.3:o:gl-inet:usb150_firmware:3.216:*:*:*:*:*:*:*
    gl-inet sf1200_firmware Affected: 3.216
        cpe:2.3:o:gl-inet:sf1200_firmware:3.216:*:*:*:*:*:*:*
    gl-inet n300_firmware Affected: 3.216
        cpe:2.3:o:gl-inet:n300_firmware:3.216:*:*:*:*:*:*:*
    gl-inet s1300_firmware Affected: 3.216
        cpe:2.3:o:gl-inet:s1300_firmware:3.216:*:*:*:*:*:*:*
    gl-inet gl-mt6000_firmware Affected: 4.5.8
        cpe:2.3:o:gl-inet:gl-mt6000_firmware:4.5.8:*:*:*:*:*:*:*
    gl-inet a1300_firmware Affected: 4.5.16
        cpe:2.3:o:gl-inet:a1300_firmware:4.5.16:*:*:*:*:*:*:*
    gl-inet x300b_firmware Affected: 4.5.16
        cpe:2.3:o:gl-inet:x300b_firmware:4.5.16:*:*:*:*:*:*:*
    gl-inet ax1800_firmware Affected: 4.5.16
        cpe:2.3:o:gl-inet:ax1800_firmware:4.5.16:*:*:*:*:*:*:*
    gl-inet mt2500_firmware Affected: 4.5.16
        cpe:2.3:o:gl-inet:mt2500_firmware:4.5.16:*:*:*:*:*:*:*
    gl-inet mt3000_firmware Affected: 4.5.16
        cpe:2.3:o:gl-inet:mt3000_firmware:4.5.16:*:*:*:*:*:*:*
    gl-inet x3000_firmware Affected: 4.4.8
        cpe:2.3:o:gl-inet:x3000_firmware:4.4.8:*:*:*:*:*:*:*
    gl-inet xe300_firmware Affected: 4.4.8
        cpe:2.3:o:gl-inet:xe300_firmware:4.4.8:*:*:*:*:*:*:*
    gl-inet xe300_firmware Affected: 4.3.16
        cpe:2.3:o:gl-inet:xe300_firmware:4.3.16:*:*:*:*:*:*:*
    gl-inet e750_firmware Affected: 4.3.12
        cpe:2.3:o:gl-inet:e750_firmware:4.3.12:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:x750_firmware:4.3.11:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "x750_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.3.11"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:sft1200_firmware:4.3.11:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "sft1200_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.3.11"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:ar300m_firmware:4.3.11:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ar300m_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.3.11"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:ar300m16_firmware:4.3.11:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ar300m16_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.3.11"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:ar750_firmware:4.3.11:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ar750_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.3.11"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:ar750s_firmware:4.3.11:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ar750s_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.3.11"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:b1300_firmware:4.3.11:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "b1300_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.3.11"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:mt1300_firmware:4.3.11:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mt1300_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.3.11"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:mt300n-v2_firmware:4.3.11:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mt300n-v2_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.3.11"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:ap1300_firmware:3.217:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ap1300_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "3.217"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:b2200_firmware:3.216:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "b2200_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "3.216"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:mv1000_firmware:3.216:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mv1000_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "3.216"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:mv1000w_firmware:3.216:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mv1000w_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "3.216"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:usb150_firmware:3.216:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "usb150_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "3.216"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:sf1200_firmware:3.216:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "sf1200_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "3.216"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:n300_firmware:3.216:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "n300_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "3.216"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:s1300_firmware:3.216:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "s1300_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "3.216"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:gl-mt6000_firmware:4.5.8:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-mt6000_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.5.8"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:a1300_firmware:4.5.16:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "a1300_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.5.16"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:x300b_firmware:4.5.16:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "x300b_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.5.16"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:ax1800_firmware:4.5.16:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ax1800_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.5.16"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:mt2500_firmware:4.5.16:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mt2500_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.5.16"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:mt3000_firmware:4.5.16:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mt3000_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.5.16"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:x3000_firmware:4.4.8:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "x3000_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.4.8"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:xe300_firmware:4.4.8:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "xe300_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.4.8"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:xe300_firmware:4.3.16:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "xe300_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.3.16"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:e750_firmware:4.3.12:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "e750_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.3.12"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-39228",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-08T14:17:52.681206Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-78",
                    "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-08T14:46:57.158Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain a shell injection vulnerability via the interface check_ovpn_client_config and check_config."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-15T15:36:52.684Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Ovpn%20interface%20shell%20injection.md"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2024-39228",
        "datePublished": "2024-08-06T00:00:00.000Z",
        "dateReserved": "2024-06-21T00:00:00.000Z",
        "dateUpdated": "2024-08-15T15:36:52.684Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-39226 (GCVE-0-2024-39226)

    Vulnerability from nvd – Published: 2024-08-06 00:00 – Updated: 2024-11-12 17:08
    VLAI
    Summary
    GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain a vulnerability that can be exploited to manipulate routers by passing malicious shell commands through the s2s API.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
    Assigner

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "ADJACENT_NETWORK",
                  "availabilityImpact": "LOW",
                  "baseScore": 4.3,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-39226",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-16T16:17:15.444790Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-77",
                    "description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-12T17:08:43.264Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain a vulnerability can be exploited to manipulate routers by passing malicious shell commands through the s2s API."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-15T15:44:08.680Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/s2s%20interface%20shell%20injection.md"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2024-39226",
        "datePublished": "2024-08-06T00:00:00.000Z",
        "dateReserved": "2024-06-21T00:00:00.000Z",
        "dateUpdated": "2024-11-12T17:08:43.264Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-39225 (GCVE-0-2024-39225)

    Vulnerability from nvd – Published: 2024-08-06 00:00 – Updated: 2024-08-15 15:31
    VLAI
    Summary
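    GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain a remote code execution (RCE) vulnerability. The description does not name the affected component; the record classifies the weakness as CWE-307 (Improper Restriction of Excessive Authentication Attempts), and the referenced advisory file is named "Bypass the login mechanism".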
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-307 - Improper Restriction of Excessive Authentication Attempts
    Assigner
    Impacted products
    Vendor Product Version
    gl-inet mt6000_firmware Affected: 4.5.8
        cpe:2.3:o:gl-inet:mt6000_firmware:4.5.8:*:*:*:*:*:*:*
    gl-inet a1300_firmware Affected: 4.5.16
        cpe:2.3:o:gl-inet:a1300_firmware:4.5.16:*:*:*:*:*:*:*
    gl-inet x300b_firmware Affected: 4.5.16
        cpe:2.3:o:gl-inet:x300b_firmware:4.5.16:*:*:*:*:*:*:*
    gl-inet ax1800_firmware Affected: 4.5.16
        cpe:2.3:o:gl-inet:ax1800_firmware:4.5.16:*:*:*:*:*:*:*
    gl-inet axt1800_firmware Affected: 4.5.16
        cpe:2.3:o:gl-inet:axt1800_firmware:4.5.16:*:*:*:*:*:*:*
    gl-inet mt2500_firmware Affected: 4.5.16
        cpe:2.3:o:gl-inet:mt2500_firmware:4.5.16:*:*:*:*:*:*:*
    gl-inet mt3000_firmware Affected: 4.5.16
        cpe:2.3:o:gl-inet:mt3000_firmware:4.5.16:*:*:*:*:*:*:*
    gl-inet x3000_firmware Affected: 4.4.8
        cpe:2.3:o:gl-inet:x3000_firmware:4.4.8:*:*:*:*:*:*:*
    gl-inet xe3000_firmware Affected: 4.4.8
        cpe:2.3:o:gl-inet:xe3000_firmware:4.4.8:*:*:*:*:*:*:*
    gl-inet xe300_firmware Affected: 4.3.16
        cpe:2.3:o:gl-inet:xe300_firmware:4.3.16:*:*:*:*:*:*:*
    gl-inet e750_firmware Affected: 4.3.12
        cpe:2.3:o:gl-inet:e750_firmware:4.3.12:*:*:*:*:*:*:*
    gl-inet x750_firmware Affected: 4.3.11
        cpe:2.3:o:gl-inet:x750_firmware:4.3.11:*:*:*:*:*:*:*
    gl-inet sft1200_firmware Affected: 4.3.11
        cpe:2.3:o:gl-inet:sft1200_firmware:4.3.11:*:*:*:*:*:*:*
    gl-inet ar300m_firmware Affected: 4.3.11
        cpe:2.3:o:gl-inet:ar300m_firmware:4.3.11:*:*:*:*:*:*:*
    gl-inet ar300m16_firmware Affected: 4.3.11
        cpe:2.3:o:gl-inet:ar300m16_firmware:4.3.11:*:*:*:*:*:*:*
    gl-inet ar750_firmware Affected: 4.3.11
        cpe:2.3:o:gl-inet:ar750_firmware:4.3.11:*:*:*:*:*:*:*
    gl-inet ar750s_firmware Affected: 4.3.11
        cpe:2.3:o:gl-inet:ar750s_firmware:4.3.11:*:*:*:*:*:*:*
    gl-inet b1300_firmware Affected: 4.3.11
        cpe:2.3:o:gl-inet:b1300_firmware:4.3.11:*:*:*:*:*:*:*
    gl-inet mt1300_firmware Affected: 4.3.11
        cpe:2.3:o:gl-inet:mt1300_firmware:4.3.11:*:*:*:*:*:*:*
    gl-inet mt300n-v2_firmware Affected: 4.3.11
        cpe:2.3:o:gl-inet:mt300n-v2_firmware:4.3.11:*:*:*:*:*:*:*
    gl-inet ap1300_firmware Affected: 3.217
        cpe:2.3:o:gl-inet:ap1300_firmware:3.217:*:*:*:*:*:*:*
    gl-inet b2200_firmware Affected: 3.216
        cpe:2.3:o:gl-inet:b2200_firmware:3.216:*:*:*:*:*:*:*
    gl-inet mv1000_firmware Affected: 3.216
        cpe:2.3:o:gl-inet:mv1000_firmware:3.216:*:*:*:*:*:*:*
    gl-inet mv1000w_firmware Affected: 3.216
        cpe:2.3:o:gl-inet:mv1000w_firmware:3.216:*:*:*:*:*:*:*
    gl-inet usb150_firmware Affected: 3.216
        cpe:2.3:o:gl-inet:usb150_firmware:3.216:*:*:*:*:*:*:*
    gl-inet sf1200_firmware Affected: 3.216
        cpe:2.3:o:gl-inet:sf1200_firmware:3.216:*:*:*:*:*:*:*
    gl-inet n300_firmware Affected: 3.216
        cpe:2.3:o:gl-inet:n300_firmware:3.216:*:*:*:*:*:*:*
    gl-inet s1300_firmware Affected: 3.216
        cpe:2.3:o:gl-inet:s1300_firmware:3.216:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:mt6000_firmware:4.5.8:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mt6000_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.5.8"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:a1300_firmware:4.5.16:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "a1300_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.5.16"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:x300b_firmware:4.5.16:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "x300b_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.5.16"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:ax1800_firmware:4.5.16:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ax1800_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.5.16"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:axt1800_firmware:4.5.16:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "axt1800_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.5.16"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:mt2500_firmware:4.5.16:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mt2500_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.5.16"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:mt3000_firmware:4.5.16:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mt3000_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.5.16"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:x3000_firmware:4.4.8:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "x3000_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.4.8"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:xe3000_firmware:4.4.8:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "xe3000_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.4.8"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:xe300_firmware:4.3.16:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "xe300_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.3.16"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:e750_firmware:4.3.12:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "e750_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.3.12"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:x750_firmware:4.3.11:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "x750_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.3.11"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:sft1200_firmware:4.3.11:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "sft1200_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.3.11"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:ar300m_firmware:4.3.11:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ar300m_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.3.11"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:ar300m16_firmware:4.3.11:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ar300m16_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.3.11"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:ar750_firmware:4.3.11:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ar750_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.3.11"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:ar750s_firmware:4.3.11:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ar750s_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.3.11"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:b1300_firmware:4.3.11:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "b1300_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.3.11"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:mt1300_firmware:4.3.11:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mt1300_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.3.11"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:mt300n-v2_firmware:4.3.11:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mt300n-v2_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.3.11"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:ap1300_firmware:3.217:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ap1300_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "3.217"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:b2200_firmware:3.216:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "b2200_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "3.216"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:mv1000_firmware:3.216:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mv1000_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "3.216"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:mv1000w_firmware:3.216:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mv1000w_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "3.216"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:usb150_firmware:3.216:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "usb150_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "3.216"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:sf1200_firmware:3.216:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "sf1200_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "3.216"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:n300_firmware:3.216:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "n300_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "3.216"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:s1300_firmware:3.216:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "s1300_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "3.216"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-39225",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-08T14:48:57.143782Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-307",
                    "description": "CWE-307 Improper Restriction of Excessive Authentication Attempts",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-08T15:09:56.428Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain a remote code execution (RCE) vulnerability."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-15T15:31:54.275Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Bypass%20the%20login%20mechanism.md"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2024-39225",
        "datePublished": "2024-08-06T00:00:00.000Z",
        "dateReserved": "2024-06-21T00:00:00.000Z",
        "dateUpdated": "2024-08-15T15:31:54.275Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2026-26793 (GCVE-0-2026-26793)

    Vulnerability from cvelistv5 – Published: 2026-03-12 00:00 – Updated: 2026-03-12 19:14
    VLAI
    Summary
    GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulnerability via the set_config function. This vulnerability allows attackers to execute arbitrary commands via a crafted input.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
    Assigner

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-26793",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-12T19:13:33.624963Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-77",
                    "description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-12T19:14:06.654Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulnerability via the set_config function. This vulnerability allows attackers to execute arbitrary commands via a crafted input."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-12T18:40:03.858Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/sezangel/IOT-vul/tree/main/GL-iNet/GL-AR300M16/set_config"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2026-26793",
        "datePublished": "2026-03-12T00:00:00.000Z",
        "dateReserved": "2026-02-16T00:00:00.000Z",
        "dateUpdated": "2026-03-12T19:14:06.654Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-26794 (GCVE-0-2026-26794)

    Vulnerability from cvelistv5 – Published: 2026-03-12 00:00 – Updated: 2026-03-14 03:28
    VLAI
    Summary
    GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a SQL injection vulnerability via the add_group() function. This vulnerability allows attackers to execute arbitrary SQL database operations via a crafted HTTP request.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-26794",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-14T03:27:50.306582Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-89",
                    "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-14T03:28:33.618Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a SQL injection vulnerability via the add_group() function. This vulnerability allows attackers to execute arbitrary SQL database operations via a crafted HTTP request."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-12T18:09:37.700Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/sezangel/IOT-vul/tree/main/GL-iNet/GL-AR300M16/acl--add_group"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2026-26794",
        "datePublished": "2026-03-12T00:00:00.000Z",
        "dateReserved": "2026-02-16T00:00:00.000Z",
        "dateUpdated": "2026-03-14T03:28:33.618Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-26795 (GCVE-0-2026-26795)

    Vulnerability from cvelistv5 – Published: 2026-03-12 00:00 – Updated: 2026-03-14 03:30
    VLAI
    Summary
    GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulnerability via the module parameter in the M.get_system_log function. This vulnerability allows attackers to execute arbitrary commands via a crafted input.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
    Assigner

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-26795",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-14T03:29:30.472602Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-77",
                    "description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-14T03:30:31.005Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulnerability via the module parameter in the M.get_system_log function. This vulnerability allows attackers to execute arbitrary commands via a crafted input."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-12T18:00:16.936Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/sezangel/IOT-vul/tree/main/GL-iNet/GL-AR300M16/logread--get_system_log"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2026-26795",
        "datePublished": "2026-03-12T00:00:00.000Z",
        "dateReserved": "2026-02-16T00:00:00.000Z",
        "dateUpdated": "2026-03-14T03:30:31.005Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-26791 (GCVE-0-2026-26791)

    Vulnerability from cvelistv5 – Published: 2026-03-12 00:00 – Updated: 2026-03-14 03:23
    VLAI
    Summary
    GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulnerability via the string port parameter in the enable_echo_server function. This vulnerability allows attackers to execute arbitrary commands via a crafted input.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
    Assigner

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-26791",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-14T03:22:11.679660Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-77",
                    "description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-14T03:23:33.407Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulnerability via the string port parameter in the enable_echo_server function. This vulnerability allows attackers to execute arbitrary commands via a crafted input."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-12T18:01:15.727Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/sezangel/IOT-vul/tree/main/GL-iNet/GL-AR300M16/enable_echo_server"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2026-26791",
        "datePublished": "2026-03-12T00:00:00.000Z",
        "dateReserved": "2026-02-16T00:00:00.000Z",
        "dateUpdated": "2026-03-14T03:23:33.407Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-26792 (GCVE-0-2026-26792)

    Vulnerability from cvelistv5 – Published: 2026-03-12 00:00 – Updated: 2026-03-14 03:26
    VLAI
    Summary
    GL-iNet GL-AR300M16 v4.3.11 was discovered to contain multiple command injection vulnerabilities in the set_upgrade function via the modem_url, target_version, current_version, firmware_upload, hash_type, hash_value, and upgrade_type parameters. These vulnerabilities allow attackers to execute arbitrary commands via a crafted input.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
    Assigner

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-26792",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-14T03:25:25.041587Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-77",
                    "description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-14T03:26:25.162Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "GL-iNet GL-AR300M16 v4.3.11 was discovered to contain multiple command injection vulnerabilities in the set_upgrade function via the modem_url, target_version, current_version, firmware_upload, hash_type, hash_value, and upgrade_type parameters. These vulnerabilities allow attackers to execute arbitrary commands via a crafted input."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-12T18:06:13.785Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/sezangel/IOT-vul/tree/main/GL-iNet/GL-AR300M16/set_upgrade"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2026-26792",
        "datePublished": "2026-03-12T00:00:00.000Z",
        "dateReserved": "2026-02-16T00:00:00.000Z",
        "dateUpdated": "2026-03-14T03:26:25.162Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-45263 (GCVE-0-2024-45263)

    Vulnerability from cvelistv5 – Published: 2024-10-24 00:00 – Updated: 2024-10-28 18:52
    VLAI
    Summary
    An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. The upload interface allows the uploading of arbitrary files to the device. Once the device executes the files, it can lead to information leakage, enabling complete control.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-434 - Unrestricted Upload of File with Dangerous Type
    Assigner
    Impacted products
    Vendor Product Version
    gl-inet gl-b3000_firmware Affected: 4.5.18 , < 4.5.19 (custom)
        cpe:2.3:o:gl-inet:gl-b3000_firmware:*:*:*:*:*:*:*:*
    gl-inet gl-mt6000_firmware Affected: 4.6.2 , < 4.6.4 (custom)
        cpe:2.3:o:gl-inet:gl-ax1800_firmware:*:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-axt1800_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-mt2500_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-mt3000_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-mt6000_firmware:*:*:*:*:*:*:*:*
    gl-inet gl-x300b_firmware Affected: 4.5.17 , < 4.5.18 (custom)
        cpe:2.3:o:gl-inet:gl-a1300_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-x300b_firmware:-:*:*:*:*:*:*:*
    gl-inet gl-xe300_firmware Affected: 4.4.9 , < 4.4.10 (custom)
        cpe:2.3:o:gl-inet:gl-x3000_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-xe300_firmware:-:*:*:*:*:*:*:*
    gl-inet gl-x750_firmware Affected: 4.3.18 , < 4.3.19 (custom)
        cpe:2.3:o:gl-inet:gl-mt1300_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-sft1200_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-x750_firmware:-:*:*:*:*:*:*:*
    gl-inet gl-xe300_firmware Affected: 4.3.17 , < 4.3.18 (custom)
        cpe:2.3:o:gl-inet:gl-ar300m16_firmware:*:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-ar750_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-ar300m_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-ar750s_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-b1300_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-e750_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-mt300n-v2_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-xe300_firmware:-:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:gl-b3000_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-b3000_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "lessThan": "4.5.19",
                    "status": "affected",
                    "version": "4.5.18",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:gl-ax1800_firmware:*:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-axt1800_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-mt2500_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-mt3000_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-mt6000_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-mt6000_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "lessThan": "4.6.4",
                    "status": "affected",
                    "version": "4.6.2",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:gl-a1300_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-x300b_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-x300b_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "lessThan": "4.5.18",
                    "status": "affected",
                    "version": "4.5.17",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:gl-x3000_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-xe300_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-xe300_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "lessThan": "4.4.10",
                    "status": "affected",
                    "version": "4.4.9",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:gl-mt1300_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-sft1200_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-x750_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-x750_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "lessThan": "4.3.19",
                    "status": "affected",
                    "version": "4.3.18",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:gl-ar300m16_firmware:*:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-ar750_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-ar300m_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-ar750s_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-b1300_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-e750_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-mt300n-v2_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-xe300_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-xe300_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "lessThan": "4.3.18",
                    "status": "affected",
                    "version": "4.3.17",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "ADJACENT_NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-45263",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-28T18:34:32.730872Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-434",
                    "description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-28T18:52:30.245Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. The upload interface allows the uploading of arbitrary files to the device. Once the device executes the files, it can lead to information leakage, enabling complete control."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-24T20:21:28.712Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Arbitrary%20File%20Upload%20to%20ovpn_upload%20via%20Upload%20Interface.md"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2024-45263",
        "datePublished": "2024-10-24T00:00:00.000Z",
        "dateReserved": "2024-08-25T00:00:00.000Z",
        "dateUpdated": "2024-10-28T18:52:30.245Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-45260 (GCVE-0-2024-45260)

    Vulnerability from cvelistv5 – Published: 2024-10-24 00:00 – Updated: 2024-10-28 19:27
    VLAI
    Summary
    An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. Users who belong to unauthorized groups can invoke any interface of the device, thereby gaining complete control over it.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-863 - Incorrect Authorization
    Assigner
    Impacted products
    Vendor Product Version
    gl-inet gl-b3000_firmware Affected: 4.5.18 , < 4.5.19 (custom)
        cpe:2.3:o:gl-inet:gl-b3000_firmware:*:*:*:*:*:*:*:*
    gl-inet gl-mt6000_firmware Affected: 4.6.2 , < 4.6.4 (custom)
        cpe:2.3:o:gl-inet:gl-ax1800_firmware:*:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-axt1800_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-mt2500_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-mt3000_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-mt6000_firmware:*:*:*:*:*:*:*:*
    gl-inet gl-x300b_firmware Affected: 4.5.17 , < 4.5.18 (custom)
        cpe:2.3:o:gl-inet:gl-a1300_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-x300b_firmware:-:*:*:*:*:*:*:*
    gl-inet gl-xe300_firmware Affected: 4.4.9 , < 4.4.10 (custom)
        cpe:2.3:o:gl-inet:gl-x3000_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-xe300_firmware:-:*:*:*:*:*:*:*
    gl-inet gl-x750_firmware Affected: 4.3.18 , < 4.3.19 (custom)
        cpe:2.3:o:gl-inet:gl-mt1300_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-sft1200_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-x750_firmware:-:*:*:*:*:*:*:*
    gl-inet gl-xe300_firmware Affected: 4.3.17 , < 4.3.18 (custom)
        cpe:2.3:o:gl-inet:gl-ar300m16_firmware:*:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-ar750_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-ar300m_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-ar750s_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-b1300_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-e750_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-mt300n-v2_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-xe300_firmware:-:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:gl-b3000_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-b3000_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "lessThan": "4.5.19",
                    "status": "affected",
                    "version": "4.5.18",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:gl-ax1800_firmware:*:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-axt1800_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-mt2500_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-mt3000_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-mt6000_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-mt6000_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "lessThan": "4.6.4",
                    "status": "affected",
                    "version": "4.6.2",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:gl-a1300_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-x300b_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-x300b_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "lessThan": "4.5.18",
                    "status": "affected",
                    "version": "4.5.17",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:gl-x3000_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-xe300_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-xe300_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "lessThan": "4.4.10",
                    "status": "affected",
                    "version": "4.4.9",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:gl-mt1300_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-sft1200_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-x750_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-x750_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "lessThan": "4.3.19",
                    "status": "affected",
                    "version": "4.3.18",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:gl-ar300m16_firmware:*:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-ar750_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-ar300m_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-ar750s_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-b1300_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-e750_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-mt300n-v2_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-xe300_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-xe300_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "lessThan": "4.3.18",
                    "status": "affected",
                    "version": "4.3.17",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "ADJACENT_NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-45260",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-28T19:24:33.863289Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-863",
                    "description": "CWE-863 Incorrect Authorization",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-28T19:27:01.398Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. Users who belong to unauthorized groups can invoke any interface of the device, thereby gaining complete control over it."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-24T20:11:10.715Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Unauthorized%20Access%20to%20File%20Download%20and%20Upload%20Interfaces.md"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2024-45260",
        "datePublished": "2024-10-24T00:00:00.000Z",
        "dateReserved": "2024-08-25T00:00:00.000Z",
        "dateUpdated": "2024-10-28T19:27:01.398Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-45261 (GCVE-0-2024-45261)

    Vulnerability from cvelistv5 – Published: 2024-10-24 00:00 – Updated: 2024-10-28 19:19
    VLAI
    Summary
    An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. The SID generated for a specific user is not tied to that user itself, which allows other users to potentially use it for authentication. Once an attacker bypasses the application's authentication procedures, they can generate a valid SID, escalate privileges, and gain full control.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-863 - Incorrect Authorization
    Assigner
    Impacted products
    Vendor Product Version
    gl-inet gl-b3000_firmware Affected: 4.5.18 , < 4.5.19 (custom)
        cpe:2.3:o:gl-inet:gl-b3000_firmware:*:*:*:*:*:*:*:*
    gl-inet gl-mt6000_firmware Affected: 4.6.2 , < 4.6.4 (custom)
        cpe:2.3:o:gl-inet:gl-ax1800_firmware:*:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-axt1800_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-mt2500_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-mt3000_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-mt6000_firmware:*:*:*:*:*:*:*:*
    gl-inet gl-x300b_firmware Affected: 4.5.17 , < 4.5.18 (custom)
        cpe:2.3:o:gl-inet:gl-a1300_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-x300b_firmware:-:*:*:*:*:*:*:*
    gl-inet gl-xe300_firmware Affected: 4.4.9 , < 4.4.10 (custom)
        cpe:2.3:o:gl-inet:gl-x3000_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-xe300_firmware:-:*:*:*:*:*:*:*
    gl-inet gl-x750_firmware Affected: 4.3.18 , < 4.3.19 (custom)
        cpe:2.3:o:gl-inet:gl-mt1300_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-sft1200_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-x750_firmware:-:*:*:*:*:*:*:*
    gl-inet gl-xe300_firmware Affected: 4.3.17 , < 4.3.18 (custom)
        cpe:2.3:o:gl-inet:gl-ar300m16_firmware:*:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-ar750_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-ar300m_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-ar750s_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-b1300_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-e750_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-mt300n-v2_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-xe300_firmware:-:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:gl-b3000_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-b3000_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "lessThan": "4.5.19",
                    "status": "affected",
                    "version": "4.5.18",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:gl-ax1800_firmware:*:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-axt1800_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-mt2500_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-mt3000_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-mt6000_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-mt6000_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "lessThan": "4.6.4",
                    "status": "affected",
                    "version": "4.6.2",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:gl-a1300_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-x300b_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-x300b_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "lessThan": "4.5.18",
                    "status": "affected",
                    "version": "4.5.17",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:gl-x3000_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-xe300_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-xe300_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "lessThan": "4.4.10",
                    "status": "affected",
                    "version": "4.4.9",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:gl-mt1300_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-sft1200_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-x750_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-x750_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "lessThan": "4.3.19",
                    "status": "affected",
                    "version": "4.3.18",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:gl-ar300m16_firmware:*:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-ar750_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-ar300m_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-ar750s_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-b1300_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-e750_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-mt300n-v2_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-xe300_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-xe300_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "lessThan": "4.3.18",
                    "status": "affected",
                    "version": "4.3.17",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "ADJACENT_NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-45261",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-28T19:12:05.989024Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-863",
                    "description": "CWE-863 Incorrect Authorization",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-28T19:19:59.290Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. The SID generated for a specific user is not tied to that user itself, which allows other users to potentially use it for authentication. Once an attacker bypasses the application\u0027s authentication procedures, they can generate a valid SID, escalate privileges, and gain full control."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-24T20:18:25.796Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Bypassing%20Login%20Mechanism%20with%20Passwordless%20User%20Login.md"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2024-45261",
        "datePublished": "2024-10-24T00:00:00.000Z",
        "dateReserved": "2024-08-25T00:00:00.000Z",
        "dateUpdated": "2024-10-28T19:19:59.290Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-45259 (GCVE-0-2024-45259)

    Vulnerability from cvelistv5 – Published: 2024-10-24 00:00 – Updated: 2024-10-28 19:38
    VLAI
    Summary
    An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. By intercepting an HTTP request and changing the filename property in the download interface, any file on the device can be deleted.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
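    • CWE-326 - Inadequate Encryption Strength (CISA-ADP assignment; it does not match the summary, which describes file deletion through a modified filename property, so confirm the weakness class before using this CWE for triage)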
    Assigner
    Impacted products
    Vendor Product Version
    gl-inet gl-b3000_firmware Affected: 4.5.18 , < 4.5.19 (custom)
        cpe:2.3:o:gl-inet:gl-b3000_firmware:*:*:*:*:*:*:*:*
    gl-inet gl-mt6000_firmware Affected: 4.6.2 , < 4.6.4 (custom)
        cpe:2.3:o:gl-inet:gl-ax1800_firmware:*:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-axt1800_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-mt2500_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-mt3000_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-mt6000_firmware:*:*:*:*:*:*:*:*
    gl-inet gl-x300b_firmware Affected: 4.5.17 , < 4.5.18 (custom)
        cpe:2.3:o:gl-inet:gl-a1300_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-x300b_firmware:-:*:*:*:*:*:*:*
    gl-inet gl-xe300_firmware Affected: 4.4.9 , < 4.4.10 (custom)
        cpe:2.3:o:gl-inet:gl-x3000_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-xe300_firmware:-:*:*:*:*:*:*:*
    gl-inet gl-x750_firmware Affected: 4.3.18 , < 4.3.19 (custom)
        cpe:2.3:o:gl-inet:gl-mt1300_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-sft1200_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-x750_firmware:-:*:*:*:*:*:*:*
    gl-inet gl-xe300_firmware Affected: 4.3.17 , < 4.3.18 (custom)
        cpe:2.3:o:gl-inet:gl-ar300m16_firmware:*:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-ar750_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-ar300m_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-ar750s_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-b1300_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-e750_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-mt300n-v2_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-xe300_firmware:-:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:gl-b3000_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-b3000_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "lessThan": "4.5.19",
                    "status": "affected",
                    "version": "4.5.18",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:gl-ax1800_firmware:*:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-axt1800_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-mt2500_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-mt3000_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-mt6000_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-mt6000_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "lessThan": "4.6.4",
                    "status": "affected",
                    "version": "4.6.2",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:gl-a1300_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-x300b_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-x300b_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "lessThan": "4.5.18",
                    "status": "affected",
                    "version": "4.5.17",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:gl-x3000_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-xe300_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-xe300_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "lessThan": "4.4.10",
                    "status": "affected",
                    "version": "4.4.9",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:gl-mt1300_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-sft1200_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-x750_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-x750_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "lessThan": "4.3.19",
                    "status": "affected",
                    "version": "4.3.18",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:gl-ar300m16_firmware:*:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-ar750_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-ar300m_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-ar750s_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-b1300_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-e750_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-mt300n-v2_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-xe300_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-xe300_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "lessThan": "4.3.18",
                    "status": "affected",
                    "version": "4.3.17",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "ADJACENT_NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 6.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-45259",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-28T19:31:51.013958Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-326",
                    "description": "CWE-326 Inadequate Encryption Strength",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-28T19:38:53.728Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. By intercepting an HTTP request and changing the filename property in the download interface, any file on the device can be deleted."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-24T20:09:41.653Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Delete%20Any%20File%20via%20Download%20Interface.md"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2024-45259",
        "datePublished": "2024-10-24T00:00:00.000Z",
        "dateReserved": "2024-08-25T00:00:00.000Z",
        "dateUpdated": "2024-10-28T19:38:53.728Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-45262 (GCVE-0-2024-45262)

    Vulnerability from cvelistv5 – Published: 2024-10-24 00:00 – Updated: 2024-10-28 19:22
    VLAI
    Summary
    An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. The params parameter in the call method of the /rpc endpoint is vulnerable to arbitrary directory traversal, which enables attackers to execute scripts under any path.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    Impacted products
    Vendor Product Version
    gl-inet gl-b3000_firmware Affected: 4.5.18 , < 4.5.19 (custom)
        cpe:2.3:o:gl-inet:gl-b3000_firmware:*:*:*:*:*:*:*:*
    gl-inet gl-mt6000_firmware Affected: 4.6.2 , < 4.6.4 (custom)
        cpe:2.3:o:gl-inet:gl-ax1800_firmware:*:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-axt1800_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-mt2500_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-mt3000_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-mt6000_firmware:*:*:*:*:*:*:*:*
    gl-inet gl-x300b_firmware Affected: 4.5.17 , < 4.5.18 (custom)
        cpe:2.3:o:gl-inet:gl-a1300_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-x300b_firmware:-:*:*:*:*:*:*:*
    gl-inet gl-xe300_firmware Affected: 4.4.9 , < 4.4.10 (custom)
        cpe:2.3:o:gl-inet:gl-x3000_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-xe300_firmware:-:*:*:*:*:*:*:*
    gl-inet gl-x750_firmware Affected: 4.3.18 , < 4.3.19 (custom)
        cpe:2.3:o:gl-inet:gl-mt1300_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-sft1200_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-x750_firmware:-:*:*:*:*:*:*:*
    gl-inet gl-xe300_firmware Affected: 4.3.17 , < 4.3.18 (custom)
        cpe:2.3:o:gl-inet:gl-ar300m16_firmware:*:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-ar750_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-ar300m_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-ar750s_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-b1300_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-e750_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-mt300n-v2_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-xe300_firmware:-:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:gl-b3000_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-b3000_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "lessThan": "4.5.19",
                    "status": "affected",
                    "version": "4.5.18",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:gl-ax1800_firmware:*:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-axt1800_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-mt2500_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-mt3000_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-mt6000_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-mt6000_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "lessThan": "4.6.4",
                    "status": "affected",
                    "version": "4.6.2",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:gl-a1300_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-x300b_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-x300b_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "lessThan": "4.5.18",
                    "status": "affected",
                    "version": "4.5.17",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:gl-x3000_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-xe300_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-xe300_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "lessThan": "4.4.10",
                    "status": "affected",
                    "version": "4.4.9",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:gl-mt1300_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-sft1200_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-x750_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-x750_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "lessThan": "4.3.19",
                    "status": "affected",
                    "version": "4.3.18",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:gl-ar300m16_firmware:*:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-ar750_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-ar300m_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-ar750s_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-b1300_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-e750_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-mt300n-v2_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-xe300_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-xe300_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "lessThan": "4.3.18",
                    "status": "affected",
                    "version": "4.3.17",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "ADJACENT_NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-45262",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-28T19:21:47.832625Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-22",
                    "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-28T19:22:25.505Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. The params parameter in the call method of the /rpc endpoint is vulnerable to arbitrary directory traversal, which enables attackers to execute scripts under any path."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-24T20:19:54.001Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Improper%20Pathname%20Restriction%20Leading%20to%20Path%20Traversal%20in%20Restricted%20Directories.md"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2024-45262",
        "datePublished": "2024-10-24T00:00:00.000Z",
        "dateReserved": "2024-08-25T00:00:00.000Z",
        "dateUpdated": "2024-10-28T19:22:25.505Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-28077 (GCVE-0-2024-28077)

    Vulnerability from cvelistv5 – Published: 2024-08-26 00:00 – Updated: 2025-03-14 13:12
    VLAI
    Summary
    A denial-of-service issue was discovered on certain GL-iNet devices. Some websites can detect devices exposed to the external network through DDNS, and consequently obtain the IP addresses and ports of devices that are exposed. By using special usernames and special characters (such as half parentheses or square brackets), one can call the login interface and cause the session-management program to crash, resulting in customers being unable to log into their devices. This affects MT6000 4.5.6, XE3000 4.4.5, X3000 4.4.6, MT3000 4.5.0, MT2500 4.5.0, AXT1800 4.5.0, AX1800 4.5.0, A1300 4.5.0, S200 4.1.4-0300, X750 4.3.7, SFT1200 4.3.7, MT1300 4.3.10, AR750 4.3.10, AR750S 4.3.10, AR300M 4.3.10, AR300M16 4.3.10, B1300 4.3.10, MT300N-V2 4.3.10, and XE300 4.3.16.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-28077",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-14T13:06:19.124374Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "description": "CWE-noinfo Not enough information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-14T13:12:01.317Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A denial-of-service issue was discovered on certain GL-iNet devices. Some websites can detect devices exposed to the external network through DDNS, and consequently obtain the IP addresses and ports of devices that are exposed. By using special usernames and special characters (such as half parentheses or square brackets), one can call the login interface and cause the session-management program to crash, resulting in customers being unable to log into their devices. This affects MT6000 4.5.6, XE3000 4.4.5, X3000 4.4.6, MT3000 4.5.0, MT2500 4.5.0, AXT1800 4.5.0, AX1800 4.5.0, A1300 4.5.0, S200 4.1.4-0300, X750 4.3.7, SFT1200 4.3.7, MT1300 4.3.10, AR750 4.3.10, AR750S 4.3.10, AR300M 4.3.10, AR300M16 4.3.10, B1300 4.3.10, MT300N-V2 4.3.10, and XE300 4.3.16."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-26T19:29:58.213Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://gl-inet.com"
            },
            {
              "url": "https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Denial%20of%20service.md"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2024-28077",
        "datePublished": "2024-08-26T00:00:00.000Z",
        "dateReserved": "2024-03-03T00:00:00.000Z",
        "dateUpdated": "2025-03-14T13:12:01.317Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-39229 (GCVE-0-2024-39229)

    Vulnerability from cvelistv5 – Published: 2024-08-06 00:00 – Updated: 2024-11-21 18:43
    VLAI
    Summary
    An issue in GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, XE3000/X3000 v4, and B2200/MV1000/MV1000W/USB150/N300/SF1200 v3.216 allows attackers to intercept communications via a man-in-the-middle attack when DDNS clients are reporting data to the server.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-924 - Improper Enforcement of Message Integrity During Transmission in a Communication Channel
    Assigner

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 6.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-39229",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-08T15:41:13.508119Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-924",
                    "description": "CWE-924 Improper Enforcement of Message Integrity During Transmission in a Communication Channel",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-21T18:43:08.245Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue in GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, XE3000/X3000 v4, and B2200/MV1000/MV1000W/USB150/N300/SF1200 v3.216 allows attackers to intercept communications via a man-in-the-middle attack when DDNS clients are reporting data to the server."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-15T15:34:59.730Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/DDNS%20data%20is%20not%20encrypted.md"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2024-39229",
        "datePublished": "2024-08-06T00:00:00.000Z",
        "dateReserved": "2024-06-21T00:00:00.000Z",
        "dateUpdated": "2024-11-21T18:43:08.245Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-39225 (GCVE-0-2024-39225)

    Vulnerability from cvelistv5 – Published: 2024-08-06 00:00 – Updated: 2024-08-15 15:31
    VLAI
    Summary
    GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain a remote code execution (RCE) vulnerability.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-307 - Improper Restriction of Excessive Authentication Attempts
    Assigner
    Impacted products
    Vendor Product Version
    gl-inet mt6000_firmware Affected: 4.5.8
        cpe:2.3:o:gl-inet:mt6000_firmware:4.5.8:*:*:*:*:*:*:*
    gl-inet a1300_firmware Affected: 4.5.16
        cpe:2.3:o:gl-inet:a1300_firmware:4.5.16:*:*:*:*:*:*:*
    gl-inet x300b_firmware Affected: 4.5.16
        cpe:2.3:o:gl-inet:x300b_firmware:4.5.16:*:*:*:*:*:*:*
    gl-inet ax1800_firmware Affected: 4.5.16
        cpe:2.3:o:gl-inet:ax1800_firmware:4.5.16:*:*:*:*:*:*:*
    gl-inet axt1800_firmware Affected: 4.5.16
        cpe:2.3:o:gl-inet:axt1800_firmware:4.5.16:*:*:*:*:*:*:*
    gl-inet mt2500_firmware Affected: 4.5.16
        cpe:2.3:o:gl-inet:mt2500_firmware:4.5.16:*:*:*:*:*:*:*
    gl-inet mt3000_firmware Affected: 4.5.16
        cpe:2.3:o:gl-inet:mt3000_firmware:4.5.16:*:*:*:*:*:*:*
    gl-inet x3000_firmware Affected: 4.4.8
        cpe:2.3:o:gl-inet:x3000_firmware:4.4.8:*:*:*:*:*:*:*
    gl-inet xe3000_firmware Affected: 4.4.8
        cpe:2.3:o:gl-inet:xe3000_firmware:4.4.8:*:*:*:*:*:*:*
    gl-inet xe300_firmware Affected: 4.3.16
        cpe:2.3:o:gl-inet:xe300_firmware:4.3.16:*:*:*:*:*:*:*
    gl-inet e750_firmware Affected: 4.3.12
        cpe:2.3:o:gl-inet:e750_firmware:4.3.12:*:*:*:*:*:*:*
    gl-inet x750_firmware Affected: 4.3.11
        cpe:2.3:o:gl-inet:x750_firmware:4.3.11:*:*:*:*:*:*:*
    gl-inet sft1200_firmware Affected: 4.3.11
        cpe:2.3:o:gl-inet:sft1200_firmware:4.3.11:*:*:*:*:*:*:*
    gl-inet ar300m_firmware Affected: 4.3.11
        cpe:2.3:o:gl-inet:ar300m_firmware:4.3.11:*:*:*:*:*:*:*
    gl-inet ar300m16_firmware Affected: 4.3.11
        cpe:2.3:o:gl-inet:ar300m16_firmware:4.3.11:*:*:*:*:*:*:*
    gl-inet ar750_firmware Affected: 4.3.11
        cpe:2.3:o:gl-inet:ar750_firmware:4.3.11:*:*:*:*:*:*:*
    gl-inet ar750s_firmware Affected: 4.3.11
        cpe:2.3:o:gl-inet:ar750s_firmware:4.3.11:*:*:*:*:*:*:*
    gl-inet b1300_firmware Affected: 4.3.11
        cpe:2.3:o:gl-inet:b1300_firmware:4.3.11:*:*:*:*:*:*:*
    gl-inet mt1300_firmware Affected: 4.3.11
        cpe:2.3:o:gl-inet:mt1300_firmware:4.3.11:*:*:*:*:*:*:*
    gl-inet mt300n-v2_firmware Affected: 4.3.11
        cpe:2.3:o:gl-inet:mt300n-v2_firmware:4.3.11:*:*:*:*:*:*:*
    gl-inet ap1300_firmware Affected: 3.217
        cpe:2.3:o:gl-inet:ap1300_firmware:3.217:*:*:*:*:*:*:*
    gl-inet b2200_firmware Affected: 3.216
        cpe:2.3:o:gl-inet:b2200_firmware:3.216:*:*:*:*:*:*:*
    gl-inet mv1000_firmware Affected: 3.216
        cpe:2.3:o:gl-inet:mv1000_firmware:3.216:*:*:*:*:*:*:*
    gl-inet mv1000w_firmware Affected: 3.216
        cpe:2.3:o:gl-inet:mv1000w_firmware:3.216:*:*:*:*:*:*:*
    gl-inet usb150_firmware Affected: 3.216
        cpe:2.3:o:gl-inet:usb150_firmware:3.216:*:*:*:*:*:*:*
    gl-inet sf1200_firmware Affected: 3.216
        cpe:2.3:o:gl-inet:sf1200_firmware:3.216:*:*:*:*:*:*:*
    gl-inet n300_firmware Affected: 3.216
        cpe:2.3:o:gl-inet:n300_firmware:3.216:*:*:*:*:*:*:*
    gl-inet s1300_firmware Affected: 3.216
        cpe:2.3:o:gl-inet:s1300_firmware:3.216:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:mt6000_firmware:4.5.8:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mt6000_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.5.8"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:a1300_firmware:4.5.16:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "a1300_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.5.16"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:x300b_firmware:4.5.16:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "x300b_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.5.16"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:ax1800_firmware:4.5.16:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ax1800_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.5.16"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:axt1800_firmware:4.5.16:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "axt1800_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.5.16"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:mt2500_firmware:4.5.16:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mt2500_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.5.16"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:mt3000_firmware:4.5.16:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mt3000_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.5.16"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:x3000_firmware:4.4.8:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "x3000_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.4.8"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:xe3000_firmware:4.4.8:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "xe3000_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.4.8"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:xe300_firmware:4.3.16:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "xe300_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.3.16"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:e750_firmware:4.3.12:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "e750_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.3.12"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:x750_firmware:4.3.11:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "x750_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.3.11"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:sft1200_firmware:4.3.11:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "sft1200_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.3.11"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:ar300m_firmware:4.3.11:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ar300m_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.3.11"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:ar300m16_firmware:4.3.11:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ar300m16_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.3.11"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:ar750_firmware:4.3.11:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ar750_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.3.11"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:ar750s_firmware:4.3.11:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ar750s_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.3.11"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:b1300_firmware:4.3.11:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "b1300_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.3.11"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:mt1300_firmware:4.3.11:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mt1300_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.3.11"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:mt300n-v2_firmware:4.3.11:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mt300n-v2_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.3.11"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:ap1300_firmware:3.217:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ap1300_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "3.217"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:b2200_firmware:3.216:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "b2200_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "3.216"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:mv1000_firmware:3.216:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mv1000_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "3.216"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:mv1000w_firmware:3.216:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mv1000w_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "3.216"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:usb150_firmware:3.216:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "usb150_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "3.216"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:sf1200_firmware:3.216:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "sf1200_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "3.216"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:n300_firmware:3.216:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "n300_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "3.216"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:s1300_firmware:3.216:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "s1300_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "3.216"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-39225",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-08T14:48:57.143782Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-307",
                    "description": "CWE-307 Improper Restriction of Excessive Authentication Attempts",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-08T15:09:56.428Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain a remote code execution (RCE) vulnerability."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-15T15:31:54.275Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Bypass%20the%20login%20mechanism.md"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2024-39225",
        "datePublished": "2024-08-06T00:00:00.000Z",
        "dateReserved": "2024-06-21T00:00:00.000Z",
        "dateUpdated": "2024-08-15T15:31:54.275Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-39228 (GCVE-0-2024-39228)

    Vulnerability from cvelistv5 – Published: 2024-08-06 00:00 – Updated: 2024-08-15 15:36
    VLAI
    Summary
    GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain a shell injection vulnerability via the interface check_ovpn_client_config and check_config.
    SSVC
    Exploitation: none; Automatable: yes; Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    Impacted products (as listed in the CISA-ADP container; the CNA container gives product and version as n/a)
    Vendor Product Version
    gl-inet x750_firmware Affected: 4.3.11
        cpe:2.3:o:gl-inet:x750_firmware:4.3.11:*:*:*:*:*:*:*
    gl-inet sft1200_firmware Affected: 4.3.11
        cpe:2.3:o:gl-inet:sft1200_firmware:4.3.11:*:*:*:*:*:*:*
    gl-inet ar300m_firmware Affected: 4.3.11
        cpe:2.3:o:gl-inet:ar300m_firmware:4.3.11:*:*:*:*:*:*:*
    gl-inet ar300m16_firmware Affected: 4.3.11
        cpe:2.3:o:gl-inet:ar300m16_firmware:4.3.11:*:*:*:*:*:*:*
    gl-inet ar750_firmware Affected: 4.3.11
        cpe:2.3:o:gl-inet:ar750_firmware:4.3.11:*:*:*:*:*:*:*
    gl-inet ar750s_firmware Affected: 4.3.11
        cpe:2.3:o:gl-inet:ar750s_firmware:4.3.11:*:*:*:*:*:*:*
    gl-inet b1300_firmware Affected: 4.3.11
        cpe:2.3:o:gl-inet:b1300_firmware:4.3.11:*:*:*:*:*:*:*
    gl-inet mt1300_firmware Affected: 4.3.11
        cpe:2.3:o:gl-inet:mt1300_firmware:4.3.11:*:*:*:*:*:*:*
    gl-inet mt300n-v2_firmware Affected: 4.3.11
        cpe:2.3:o:gl-inet:mt300n-v2_firmware:4.3.11:*:*:*:*:*:*:*
    gl-inet ap1300_firmware Affected: 3.217
        cpe:2.3:o:gl-inet:ap1300_firmware:3.217:*:*:*:*:*:*:*
    gl-inet b2200_firmware Affected: 3.216
        cpe:2.3:o:gl-inet:b2200_firmware:3.216:*:*:*:*:*:*:*
    gl-inet mv1000_firmware Affected: 3.216
        cpe:2.3:o:gl-inet:mv1000_firmware:3.216:*:*:*:*:*:*:*
    gl-inet mv1000w_firmware Affected: 3.216
        cpe:2.3:o:gl-inet:mv1000w_firmware:3.216:*:*:*:*:*:*:*
    gl-inet usb150_firmware Affected: 3.216
        cpe:2.3:o:gl-inet:usb150_firmware:3.216:*:*:*:*:*:*:*
    gl-inet sf1200_firmware Affected: 3.216
        cpe:2.3:o:gl-inet:sf1200_firmware:3.216:*:*:*:*:*:*:*
    gl-inet n300_firmware Affected: 3.216
        cpe:2.3:o:gl-inet:n300_firmware:3.216:*:*:*:*:*:*:*
    gl-inet s1300_firmware Affected: 3.216
        cpe:2.3:o:gl-inet:s1300_firmware:3.216:*:*:*:*:*:*:*
    gl-inet gl-mt6000_firmware Affected: 4.5.8
        cpe:2.3:o:gl-inet:gl-mt6000_firmware:4.5.8:*:*:*:*:*:*:*
    gl-inet a1300_firmware Affected: 4.5.16
        cpe:2.3:o:gl-inet:a1300_firmware:4.5.16:*:*:*:*:*:*:*
    gl-inet x300b_firmware Affected: 4.5.16
        cpe:2.3:o:gl-inet:x300b_firmware:4.5.16:*:*:*:*:*:*:*
    gl-inet ax1800_firmware Affected: 4.5.16
        cpe:2.3:o:gl-inet:ax1800_firmware:4.5.16:*:*:*:*:*:*:*
    gl-inet mt2500_firmware Affected: 4.5.16
        cpe:2.3:o:gl-inet:mt2500_firmware:4.5.16:*:*:*:*:*:*:*
    gl-inet mt3000_firmware Affected: 4.5.16
        cpe:2.3:o:gl-inet:mt3000_firmware:4.5.16:*:*:*:*:*:*:*
    gl-inet x3000_firmware Affected: 4.4.8
        cpe:2.3:o:gl-inet:x3000_firmware:4.4.8:*:*:*:*:*:*:*
    gl-inet xe300_firmware Affected: 4.4.8
        cpe:2.3:o:gl-inet:xe300_firmware:4.4.8:*:*:*:*:*:*:*
    gl-inet xe300_firmware Affected: 4.3.16
        cpe:2.3:o:gl-inet:xe300_firmware:4.3.16:*:*:*:*:*:*:*
    gl-inet e750_firmware Affected: 4.3.12
        cpe:2.3:o:gl-inet:e750_firmware:4.3.12:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:x750_firmware:4.3.11:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "x750_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.3.11"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:sft1200_firmware:4.3.11:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "sft1200_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.3.11"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:ar300m_firmware:4.3.11:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ar300m_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.3.11"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:ar300m16_firmware:4.3.11:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ar300m16_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.3.11"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:ar750_firmware:4.3.11:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ar750_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.3.11"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:ar750s_firmware:4.3.11:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ar750s_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.3.11"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:b1300_firmware:4.3.11:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "b1300_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.3.11"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:mt1300_firmware:4.3.11:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mt1300_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.3.11"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:mt300n-v2_firmware:4.3.11:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mt300n-v2_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.3.11"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:ap1300_firmware:3.217:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ap1300_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "3.217"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:b2200_firmware:3.216:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "b2200_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "3.216"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:mv1000_firmware:3.216:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mv1000_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "3.216"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:mv1000w_firmware:3.216:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mv1000w_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "3.216"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:usb150_firmware:3.216:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "usb150_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "3.216"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:sf1200_firmware:3.216:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "sf1200_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "3.216"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:n300_firmware:3.216:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "n300_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "3.216"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:s1300_firmware:3.216:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "s1300_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "3.216"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:gl-mt6000_firmware:4.5.8:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-mt6000_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.5.8"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:a1300_firmware:4.5.16:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "a1300_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.5.16"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:x300b_firmware:4.5.16:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "x300b_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.5.16"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:ax1800_firmware:4.5.16:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ax1800_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.5.16"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:mt2500_firmware:4.5.16:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mt2500_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.5.16"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:mt3000_firmware:4.5.16:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mt3000_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.5.16"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:x3000_firmware:4.4.8:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "x3000_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.4.8"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:xe300_firmware:4.4.8:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "xe300_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.4.8"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:xe300_firmware:4.3.16:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "xe300_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.3.16"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:e750_firmware:4.3.12:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "e750_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.3.12"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-39228",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-08T14:17:52.681206Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-78",
                    "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-08T14:46:57.158Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain a shell injection vulnerability via the interface check_ovpn_client_config and check_config."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-15T15:36:52.684Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Ovpn%20interface%20shell%20injection.md"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2024-39228",
        "datePublished": "2024-08-06T00:00:00.000Z",
        "dateReserved": "2024-06-21T00:00:00.000Z",
        "dateUpdated": "2024-08-15T15:36:52.684Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }