Products
GL-iNet XE300
- 4.3.16
GL-iNet E750
- 4.3.12
GL-iNet AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750
- 4.3.11
- 4.5.16
- 4.3.16
- 4.3.12
- 4.3.13
GL-iNet MT3000/MT2500/AXT1800/AX1800/A1300/X300B
- 4.5.16
GL-iNet AP1300/S1300
- 4.3.13
GL-iNet XE3000/X3000
- 4
GL-iNet B2200/MV1000/MV1000W/USB150/N300/SF1200
- 3.216
Source
cve@mitre.org
Tags
CVE-2024-39229 details
Last Modified : Aug. 6, 2024, 5:15 p.m.
Description
An issue in GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, XE3000/X3000 v4, and B2200/MV1000/MV1000W/USB150/N300/SF1200 v3.216 allows attackers to intercept communications via a man-in-the-middle attack when DDNS clients are reporting data to the server.
CVSS Score
1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 |
---|
Weakness
Weakness | Name | Description |
---|
References
URL | Source |
---|---|
http://ar750ar750sar300mar300m16mt300n-v2b1300mt1300sft1200x750.com | cve@mitre.org |
https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/DDNS%20data%20is%20not%20encrypted.md | cve@mitre.org |