Received
CVE has been recently published to the CVE List and has been received by the NVD.

Products

GL-iNet AR750

4.3.11

GL-iNet AR750S

4.3.11

GL-iNet AR300M

4.3.11

GL-iNet AR300M16

4.3.11

GL-iNet MT300N-V2

4.3.11

GL-iNet B1300

4.3.11

GL-iNet MT1300

4.3.11

GL-iNet SFT1200

4.3.11

GL-iNet X750

4.3.11

GL-iNet MT3000

4.5.16

GL-iNet MT2500

4.5.16

GL-iNet AXT1800

4.5.16

GL-iNet AX1800

4.5.16

GL-iNet A1300

4.5.16

GL-iNet X300B

4.5.16

GL-iNet XE300

4.3.16

GL-iNet E750

4.3.12

GL-iNet AP1300

4.3.13

GL-iNet S1300

4.3.13

GL-iNet XE3000

GL-iNet X3000

Source

cve@mitre.org

CVE-2024-39227 details

Published : Aug. 6, 2024, 5:15 p.m.
Last Modified : Aug. 6, 2024, 5:15 p.m.

Description

GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain a shell injection vulnerability via the interface check_ovpn_client_config.

CVSS Score

1	2	3	4	5	6	7	8	9	10

Weakness

Weakness	Name	Description

References

URL	Source
http://ar750ar750sar300mar300m16mt300n-v2b1300mt1300sft1200x750.com	cve@mitre.org
https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Access%20to%20the%20C%20library%20without%20logging%20in.md	cve@mitre.org

This website uses the NVD API, but is not approved or certified by it.

CVE-2024-39227