Today > 2 Critical | 2 High | 8 Medium vulnerabilities   -   You can now download lists of IOCs here!

CVE-2024-39226

Aug. 6, 2024, 4:30 p.m.

Product(s) Impacted

GL-iNet

  • AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11
  • MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16
  • XE300 v4.3.16
  • E750 v4.3.12
  • AP1300/S1300 v4.3.13
  • XE3000/X3000 v4.4

Description

GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain insecure permissions in the endpoint /cgi-bin/glc. This vulnerability allows unauthenticated attackers to execute arbitrary code or possibly a directory traversal via crafted JSON data.

Weaknesses

Date

Published: Aug. 6, 2024, 4:15 p.m.

Last Modified: Aug. 6, 2024, 4:30 p.m.

Status : Awaiting Analysis

CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.

More info

Source

cve@mitre.org

References