GHSA-8PWW-55PM-85VV
Vulnerability from github – Published: 2024-08-06 18:30 – Updated: 2024-08-07 21:31
Details
GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain a remote code execution (RCE) vulnerability.
Severity
9.8 (Critical)
{
"affected": [],
"aliases": [
"CVE-2024-39225"
],
"database_specific": {
"cwe_ids": [
"CWE-307"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-08-06T16:15:48Z",
"severity": "CRITICAL"
},
"details": "GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain a remote code execution (RCE) vulnerability.",
"id": "GHSA-8pww-55pm-85vv",
"modified": "2024-08-07T21:31:44Z",
"published": "2024-08-06T18:30:56Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39225"
},
{
"type": "WEB",
"url": "https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Bypass%20the%20login%20mechanism.md"
},
{
"type": "WEB",
"url": "http://ar750ar750sar300mar300m16mt300n-v2b1300mt1300sft1200x750.com"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
CVE-2024-39225 (GCVE-0-2024-39225)
Vulnerability from cvelistv5 – Published: 2024-08-06 00:00 – Updated: 2024-08-15 15:31
Summary
GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain a remote code execution (RCE) vulnerability.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-307 - Improper Restriction of Excessive Authentication Attempts
Assigner
References
1 reference
Impacted products
28 products
| Vendor | Product | Version | CPE |
|---|---|---|---|
| gl-inet | mt6000_firmware | Affected: 4.5.8 | cpe:2.3:o:gl-inet:mt6000_firmware:4.5.8:*:*:*:*:*:*:* |
| gl-inet | a1300_firmware | Affected: 4.5.16 | cpe:2.3:o:gl-inet:a1300_firmware:4.5.16:*:*:*:*:*:*:* |
| gl-inet | x300b_firmware | Affected: 4.5.16 | cpe:2.3:o:gl-inet:x300b_firmware:4.5.16:*:*:*:*:*:*:* |
| gl-inet | ax1800_firmware | Affected: 4.5.16 | cpe:2.3:o:gl-inet:ax1800_firmware:4.5.16:*:*:*:*:*:*:* |
| gl-inet | axt1800_firmware | Affected: 4.5.16 | cpe:2.3:o:gl-inet:axt1800_firmware:4.5.16:*:*:*:*:*:*:* |
| gl-inet | mt2500_firmware | Affected: 4.5.16 | cpe:2.3:o:gl-inet:mt2500_firmware:4.5.16:*:*:*:*:*:*:* |
| gl-inet | mt3000_firmware | Affected: 4.5.16 | cpe:2.3:o:gl-inet:mt3000_firmware:4.5.16:*:*:*:*:*:*:* |
| gl-inet | x3000_firmware | Affected: 4.4.8 | cpe:2.3:o:gl-inet:x3000_firmware:4.4.8:*:*:*:*:*:*:* |
| gl-inet | xe3000_firmware | Affected: 4.4.8 | cpe:2.3:o:gl-inet:xe3000_firmware:4.4.8:*:*:*:*:*:*:* |
| gl-inet | xe300_firmware | Affected: 4.3.16 | cpe:2.3:o:gl-inet:xe300_firmware:4.3.16:*:*:*:*:*:*:* |
| gl-inet | e750_firmware | Affected: 4.3.12 | cpe:2.3:o:gl-inet:e750_firmware:4.3.12:*:*:*:*:*:*:* |
| gl-inet | x750_firmware | Affected: 4.3.11 | cpe:2.3:o:gl-inet:x750_firmware:4.3.11:*:*:*:*:*:*:* |
| gl-inet | sft1200_firmware | Affected: 4.3.11 | cpe:2.3:o:gl-inet:sft1200_firmware:4.3.11:*:*:*:*:*:*:* |
| gl-inet | ar300m_firmware | Affected: 4.3.11 | cpe:2.3:o:gl-inet:ar300m_firmware:4.3.11:*:*:*:*:*:*:* |
| gl-inet | ar300m16_firmware | Affected: 4.3.11 | cpe:2.3:o:gl-inet:ar300m16_firmware:4.3.11:*:*:*:*:*:*:* |
| gl-inet | ar750_firmware | Affected: 4.3.11 | cpe:2.3:o:gl-inet:ar750_firmware:4.3.11:*:*:*:*:*:*:* |
| gl-inet | ar750s_firmware | Affected: 4.3.11 | cpe:2.3:o:gl-inet:ar750s_firmware:4.3.11:*:*:*:*:*:*:* |
| gl-inet | b1300_firmware | Affected: 4.3.11 | cpe:2.3:o:gl-inet:b1300_firmware:4.3.11:*:*:*:*:*:*:* |
| gl-inet | mt1300_firmware | Affected: 4.3.11 | cpe:2.3:o:gl-inet:mt1300_firmware:4.3.11:*:*:*:*:*:*:* |
| gl-inet | mt300n-v2_firmware | Affected: 4.3.11 | cpe:2.3:o:gl-inet:mt300n-v2_firmware:4.3.11:*:*:*:*:*:*:* |
| gl-inet | ap1300_firmware | Affected: 3.217 | cpe:2.3:o:gl-inet:ap1300_firmware:3.217:*:*:*:*:*:*:* |
| gl-inet | b2200_firmware | Affected: 3.216 | cpe:2.3:o:gl-inet:b2200_firmware:3.216:*:*:*:*:*:*:* |
| gl-inet | mv1000_firmware | Affected: 3.216 | cpe:2.3:o:gl-inet:mv1000_firmware:3.216:*:*:*:*:*:*:* |
| gl-inet | mv1000w_firmware | Affected: 3.216 | cpe:2.3:o:gl-inet:mv1000w_firmware:3.216:*:*:*:*:*:*:* |
| gl-inet | usb150_firmware | Affected: 3.216 | cpe:2.3:o:gl-inet:usb150_firmware:3.216:*:*:*:*:*:*:* |
| gl-inet | sf1200_firmware | Affected: 3.216 | cpe:2.3:o:gl-inet:sf1200_firmware:3.216:*:*:*:*:*:*:* |
| gl-inet | n300_firmware | Affected: 3.216 | cpe:2.3:o:gl-inet:n300_firmware:3.216:*:*:*:*:*:*:* |
| gl-inet | s1300_firmware | Affected: 3.216 | cpe:2.3:o:gl-inet:s1300_firmware:3.216:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:gl-inet:mt6000_firmware:4.5.8:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt6000_firmware",
"vendor": "gl-inet",
"versions": [
{
"status": "affected",
"version": "4.5.8"
}
]
},
{
"cpes": [
"cpe:2.3:o:gl-inet:a1300_firmware:4.5.16:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "a1300_firmware",
"vendor": "gl-inet",
"versions": [
{
"status": "affected",
"version": "4.5.16"
}
]
},
{
"cpes": [
"cpe:2.3:o:gl-inet:x300b_firmware:4.5.16:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "x300b_firmware",
"vendor": "gl-inet",
"versions": [
{
"status": "affected",
"version": "4.5.16"
}
]
},
{
"cpes": [
"cpe:2.3:o:gl-inet:ax1800_firmware:4.5.16:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ax1800_firmware",
"vendor": "gl-inet",
"versions": [
{
"status": "affected",
"version": "4.5.16"
}
]
},
{
"cpes": [
"cpe:2.3:o:gl-inet:axt1800_firmware:4.5.16:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "axt1800_firmware",
"vendor": "gl-inet",
"versions": [
{
"status": "affected",
"version": "4.5.16"
}
]
},
{
"cpes": [
"cpe:2.3:o:gl-inet:mt2500_firmware:4.5.16:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt2500_firmware",
"vendor": "gl-inet",
"versions": [
{
"status": "affected",
"version": "4.5.16"
}
]
},
{
"cpes": [
"cpe:2.3:o:gl-inet:mt3000_firmware:4.5.16:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt3000_firmware",
"vendor": "gl-inet",
"versions": [
{
"status": "affected",
"version": "4.5.16"
}
]
},
{
"cpes": [
"cpe:2.3:o:gl-inet:x3000_firmware:4.4.8:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "x3000_firmware",
"vendor": "gl-inet",
"versions": [
{
"status": "affected",
"version": "4.4.8"
}
]
},
{
"cpes": [
"cpe:2.3:o:gl-inet:xe3000_firmware:4.4.8:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "xe3000_firmware",
"vendor": "gl-inet",
"versions": [
{
"status": "affected",
"version": "4.4.8"
}
]
},
{
"cpes": [
"cpe:2.3:o:gl-inet:xe300_firmware:4.3.16:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "xe300_firmware",
"vendor": "gl-inet",
"versions": [
{
"status": "affected",
"version": "4.3.16"
}
]
},
{
"cpes": [
"cpe:2.3:o:gl-inet:e750_firmware:4.3.12:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "e750_firmware",
"vendor": "gl-inet",
"versions": [
{
"status": "affected",
"version": "4.3.12"
}
]
},
{
"cpes": [
"cpe:2.3:o:gl-inet:x750_firmware:4.3.11:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "x750_firmware",
"vendor": "gl-inet",
"versions": [
{
"status": "affected",
"version": "4.3.11"
}
]
},
{
"cpes": [
"cpe:2.3:o:gl-inet:sft1200_firmware:4.3.11:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sft1200_firmware",
"vendor": "gl-inet",
"versions": [
{
"status": "affected",
"version": "4.3.11"
}
]
},
{
"cpes": [
"cpe:2.3:o:gl-inet:ar300m_firmware:4.3.11:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ar300m_firmware",
"vendor": "gl-inet",
"versions": [
{
"status": "affected",
"version": "4.3.11"
}
]
},
{
"cpes": [
"cpe:2.3:o:gl-inet:ar300m16_firmware:4.3.11:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ar300m16_firmware",
"vendor": "gl-inet",
"versions": [
{
"status": "affected",
"version": "4.3.11"
}
]
},
{
"cpes": [
"cpe:2.3:o:gl-inet:ar750_firmware:4.3.11:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ar750_firmware",
"vendor": "gl-inet",
"versions": [
{
"status": "affected",
"version": "4.3.11"
}
]
},
{
"cpes": [
"cpe:2.3:o:gl-inet:ar750s_firmware:4.3.11:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ar750s_firmware",
"vendor": "gl-inet",
"versions": [
{
"status": "affected",
"version": "4.3.11"
}
]
},
{
"cpes": [
"cpe:2.3:o:gl-inet:b1300_firmware:4.3.11:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "b1300_firmware",
"vendor": "gl-inet",
"versions": [
{
"status": "affected",
"version": "4.3.11"
}
]
},
{
"cpes": [
"cpe:2.3:o:gl-inet:mt1300_firmware:4.3.11:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt1300_firmware",
"vendor": "gl-inet",
"versions": [
{
"status": "affected",
"version": "4.3.11"
}
]
},
{
"cpes": [
"cpe:2.3:o:gl-inet:mt300n-v2_firmware:4.3.11:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt300n-v2_firmware",
"vendor": "gl-inet",
"versions": [
{
"status": "affected",
"version": "4.3.11"
}
]
},
{
"cpes": [
"cpe:2.3:o:gl-inet:ap1300_firmware:3.217:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ap1300_firmware",
"vendor": "gl-inet",
"versions": [
{
"status": "affected",
"version": "3.217"
}
]
},
{
"cpes": [
"cpe:2.3:o:gl-inet:b2200_firmware:3.216:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "b2200_firmware",
"vendor": "gl-inet",
"versions": [
{
"status": "affected",
"version": "3.216"
}
]
},
{
"cpes": [
"cpe:2.3:o:gl-inet:mv1000_firmware:3.216:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mv1000_firmware",
"vendor": "gl-inet",
"versions": [
{
"status": "affected",
"version": "3.216"
}
]
},
{
"cpes": [
"cpe:2.3:o:gl-inet:mv1000w_firmware:3.216:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mv1000w_firmware",
"vendor": "gl-inet",
"versions": [
{
"status": "affected",
"version": "3.216"
}
]
},
{
"cpes": [
"cpe:2.3:o:gl-inet:usb150_firmware:3.216:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "usb150_firmware",
"vendor": "gl-inet",
"versions": [
{
"status": "affected",
"version": "3.216"
}
]
},
{
"cpes": [
"cpe:2.3:o:gl-inet:sf1200_firmware:3.216:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sf1200_firmware",
"vendor": "gl-inet",
"versions": [
{
"status": "affected",
"version": "3.216"
}
]
},
{
"cpes": [
"cpe:2.3:o:gl-inet:n300_firmware:3.216:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "n300_firmware",
"vendor": "gl-inet",
"versions": [
{
"status": "affected",
"version": "3.216"
}
]
},
{
"cpes": [
"cpe:2.3:o:gl-inet:s1300_firmware:3.216:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "s1300_firmware",
"vendor": "gl-inet",
"versions": [
{
"status": "affected",
"version": "3.216"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-39225",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-08T14:48:57.143782Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-307",
"description": "CWE-307 Improper Restriction of Excessive Authentication Attempts",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-08T15:09:56.428Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain a remote code execution (RCE) vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-15T15:31:54.275Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Bypass%20the%20login%20mechanism.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-39225",
"datePublished": "2024-08-06T00:00:00.000Z",
"dateReserved": "2024-06-21T00:00:00.000Z",
"dateUpdated": "2024-08-15T15:31:54.275Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.