Back

CVE-2024-39229

Aug. 6, 2024, 5:15 p.m.

Received
CVE has been recently published to the CVE List and has been received by the NVD.

Products

GL-iNet XE300

  • 4.3.16

GL-iNet E750

  • 4.3.12

GL-iNet AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750

  • 4.3.11
  • 4.5.16
  • 4.3.16
  • 4.3.12
  • 4.3.13

GL-iNet MT3000/MT2500/AXT1800/AX1800/A1300/X300B

  • 4.5.16

GL-iNet AP1300/S1300

  • 4.3.13

GL-iNet XE3000/X3000

  • 4

GL-iNet B2200/MV1000/MV1000W/USB150/N300/SF1200

  • 3.216

Source

cve@mitre.org

Tags

cve@mitre.org
2024-08-06
CVE-2024-39229

CVE-2024-39229 details

Published : Aug. 6, 2024, 5:15 p.m.
Last Modified : Aug. 6, 2024, 5:15 p.m.

Description

An issue in GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, XE3000/X3000 v4, and B2200/MV1000/MV1000W/USB150/N300/SF1200 v3.216 allows attackers to intercept communications via a man-in-the-middle attack when DDNS clients are reporting data to the server.

CVSS Score

1 2 3 4 5 6 7 8 9 10

Weakness

Weakness Name Description

References

URL Source
http://ar750ar750sar300mar300m16mt300n-v2b1300mt1300sft1200x750.com cve@mitre.org
https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/DDNS%20data%20is%20not%20encrypted.md cve@mitre.org
This website uses the NVD API, but is not approved or certified by it.