Today > | 1 Medium vulnerabilities   -   You can now download lists of IOCs here!

CVE-2024-28077

Sept. 5, 2024, 6:29 p.m.

CVSS Score

7.5 / 10

Products Impacted

Vendor Product Versions
gl-inet
  • mt6000_firmware
  • mt6000
  • x3000_firmware
  • x3000
  • xe3000_firmware
  • xe3000
  • a1300_firmware
  • a1300
  • ax1800_firmware
  • ax1800
  • axt1800_firmware
  • axt1800
  • mt2500_firmware
  • mt2500
  • mt3000_firmware
  • mt3000
  • xe300_firmware
  • xe300
  • x750_firmware
  • x750
  • sft1200_firmware
  • sft1200
  • ar300m_firmware
  • ar300m
  • ar300m16_firmware
  • ar300m16
  • ar750_firmware
  • ar750
  • ar750s_firmware
  • ar750s
  • b1300_firmware
  • b1300
  • mt1300_firmware
  • mt1300
  • mt300n-v2_firmware
  • mt300n-v2
  • 4.5.6
  • -
  • 4.4.6
  • -
  • 4.4.4
  • -
  • 4.5.0
  • -
  • 4.5.0
  • -
  • 4.5.0
  • -
  • 4.5.0
  • -
  • 4.5.0
  • -
  • 4.3.16
  • -
  • 4.3.7
  • -
  • 4.3.7
  • -
  • 4.3.10
  • -
  • 4.3.10
  • -
  • 4.3.10
  • -
  • 4.3.10
  • -
  • 4.3.10
  • -
  • 4.3.10
  • -
  • 4.3.10
  • -

Description

A denial-of-service issue was discovered on certain GL-iNet devices. Some websites can detect devices exposed to the external network through DDNS, and consequently obtain the IP addresses and ports of devices that are exposed. By using special usernames and special characters (such as half parentheses or square brackets), one can call the login interface and cause the session-management program to crash, resulting in customers being unable to log into their devices. This affects MT6000 4.5.6, XE3000 4.4.5, X3000 4.4.6, MT3000 4.5.0, MT2500 4.5.0, AXT1800 4.5.0, AX1800 4.5.0, A1300 4.5.0, S200 4.1.4-0300, X750 4.3.7, SFT1200 4.3.7, MT1300 4.3.10, AR750 4.3.10, AR750S 4.3.10, AR300M 4.3.10, AR300M16 4.3.10, B1300 4.3.10, MT300N-V2 4.3.10, and XE300 4.3.16.

Weaknesses

Date

Published: Aug. 26, 2024, 8:15 p.m.

Last Modified: Sept. 5, 2024, 6:29 p.m.

Status : Analyzed

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

cve@mitre.org

CPEs

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
o gl-inet mt6000_firmware 4.5.6 / / / / / / /
h gl-inet mt6000 - / / / / / / /
o gl-inet x3000_firmware 4.4.6 / / / / / / /
h gl-inet x3000 - / / / / / / /
o gl-inet xe3000_firmware 4.4.4 / / / / / / /
h gl-inet xe3000 - / / / / / / /
o gl-inet a1300_firmware 4.5.0 / / / / / / /
h gl-inet a1300 - / / / / / / /
o gl-inet ax1800_firmware 4.5.0 / / / / / / /
h gl-inet ax1800 - / / / / / / /
o gl-inet axt1800_firmware 4.5.0 / / / / / / /
h gl-inet axt1800 - / / / / / / /
o gl-inet mt2500_firmware 4.5.0 / / / / / / /
h gl-inet mt2500 - / / / / / / /
o gl-inet mt3000_firmware 4.5.0 / / / / / / /
h gl-inet mt3000 - / / / / / / /
o gl-inet xe300_firmware 4.3.16 / / / / / / /
h gl-inet xe300 - / / / / / / /
o gl-inet x750_firmware 4.3.7 / / / / / / /
h gl-inet x750 - / / / / / / /
o gl-inet sft1200_firmware 4.3.7 / / / / / / /
h gl-inet sft1200 - / / / / / / /
o gl-inet ar300m_firmware 4.3.10 / / / / / / /
h gl-inet ar300m - / / / / / / /
o gl-inet ar300m16_firmware 4.3.10 / / / / / / /
h gl-inet ar300m16 - / / / / / / /
o gl-inet ar750_firmware 4.3.10 / / / / / / /
h gl-inet ar750 - / / / / / / /
o gl-inet ar750s_firmware 4.3.10 / / / / / / /
h gl-inet ar750s - / / / / / / /
o gl-inet b1300_firmware 4.3.10 / / / / / / /
h gl-inet b1300 - / / / / / / /
o gl-inet mt1300_firmware 4.3.10 / / / / / / /
h gl-inet mt1300 - / / / / / / /
o gl-inet mt300n-v2_firmware 4.3.10 / / / / / / /
h gl-inet mt300n-v2 - / / / / / / /

CVSS Data

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

Base Score
7.5
Exploitability Score
3.9
Impact Score
3.6
Base Severity
HIGH
CVSS Vector String

The CVSS vector string provides an in-depth view of the vulnerability metrics.

View Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References