Back

CVE-2024-28077

Aug. 26, 2024, 8:15 p.m.

Received
CVE has been recently published to the CVE List and has been received by the NVD.

Products

GL-iNet devices

  • MT6000 4.5.6
  • XE3000 4.4.5
  • X3000 4.4.6
  • MT3000 4.5.0
  • MT2500 4.5.0
  • AXT1800 4.5.0
  • AX1800 4.5.0
  • A1300 4.5.0
  • S200 4.1.4-0300
  • X750 4.3.7
  • SFT1200 4.3.7
  • MT1300 4.3.10
  • AR750 4.3.10
  • AR750S 4.3.10
  • AR300M 4.3.10
  • AR300M16 4.3.10
  • B1300 4.3.10
  • MT300N-V2 4.3.10
  • XE300 4.3.16

Source

cve@mitre.org

Tags

cve@mitre.org
2024-08-26
CVE-2024-28077

CVE-2024-28077 details

Published : Aug. 26, 2024, 8:15 p.m.
Last Modified : Aug. 26, 2024, 8:15 p.m.

Description

A denial-of-service issue was discovered on certain GL-iNet devices. Some websites can detect devices exposed to the external network through DDNS, and consequently obtain the IP addresses and ports of devices that are exposed. By using special usernames and special characters (such as half parentheses or square brackets), one can call the login interface and cause the session-management program to crash, resulting in customers being unable to log into their devices. This affects MT6000 4.5.6, XE3000 4.4.5, X3000 4.4.6, MT3000 4.5.0, MT2500 4.5.0, AXT1800 4.5.0, AX1800 4.5.0, A1300 4.5.0, S200 4.1.4-0300, X750 4.3.7, SFT1200 4.3.7, MT1300 4.3.10, AR750 4.3.10, AR750S 4.3.10, AR300M 4.3.10, AR300M16 4.3.10, B1300 4.3.10, MT300N-V2 4.3.10, and XE300 4.3.16.

CVSS Score

1 2 3 4 5 6 7 8 9 10

Weakness

Weakness Name Description

References

URL Source
https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Denial%20of%20service.md cve@mitre.org
https://gl-inet.com cve@mitre.org
This website uses the NVD API, but is not approved or certified by it.