CVE-2024-27356

  1. Yack CVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-27356

7.5 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

A

n issue was discovered on certain GL-iNet devices. Attackers can download files such as logs via commands, potentially obtaining critical user information. This affects MT6000 4.5.5, XE3000 4.4.4, X3000 4.4.5, MT3000 4.5.0, MT2500 4.5.0, AXT1800 4.5.0, AX1800 4.5.0, A1300 4.5.0, S200 4.1.4-0300, X750 4.3.7, SFT1200 4.3.7, XE300 4.3.7, MT1300 4.3.10, AR750 4.3.10, AR750S 4.3.10, AR300M 4.3.10, AR300M16 4.3.10, B1300 4.3.10, MT300N-v2 4.3.10, X300B 3.217, S1300 3.216, SF1200 3.216, MV1000 3.216, N300 3.216, B2200 3.216, and X1200 3.203.

References
Link Resource
https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Download_file_vulnerability.md Third Party Advisory
https://gl-inet.com Product
https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Download_file_vulnerability.md Third Party Advisory
https://gl-inet.com Product
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:gl-inet:mt6000_firmware:4.5.5:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:mt6000:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:gl-inet:xe3000_firmware:4.4.4:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:xe3000:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:gl-inet:x3000_firmware:4.4.5:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:x3000:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:gl-inet:mt3000_firmware:4.5.0:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:mt3000:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:gl-inet:mt2500_firmware:4.5.0:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:mt2500:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:gl-inet:axt1800_firmware:4.5.0:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:axt1800:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:gl-inet:ax1800_firmware:4.5.0:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:ax1800:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:gl-inet:a1300_firmware:4.5.0:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:a1300:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:gl-inet:s200_firmware:4.1.4-0300:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:s200:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:gl-inet:x750_firmware:4.3.7:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:x750:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:gl-inet:sft1200_firmware:4.37:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:sft1200:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:gl-inet:xe300_firmware:4.3.7:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:xe300:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:gl-inet:mt1300_firmware:4.3.10:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:mt1300:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:gl-inet:ar750_firmware:4.3.10:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:ar750:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND
cpe:2.3:o:gl-inet:ar750s_firmware:4.3.10:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:ar750s:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND
cpe:2.3:o:gl-inet:ar300m_firmware:4.3.10:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:ar300m:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND
cpe:2.3:o:gl-inet:ar300m16_firmware:4.3.10:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:ar300m16:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND
cpe:2.3:o:gl-inet:b1300_firmware:4.3.10:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:b1300:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND
cpe:2.3:o:gl-inet:mt300n-v2_firmware:4.3.10:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:mt300n-v2:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND
cpe:2.3:o:gl-inet:x300b_firmware:3.217:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:x300b:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND
cpe:2.3:o:gl-inet:s1300_firmware:3.216:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:s1300:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND
cpe:2.3:o:gl-inet:sf1200_firmware:3.216:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:sf1200:-:*:*:*:*:*:*:*

Configuration 23 (hide)

AND
cpe:2.3:o:gl-inet:mv1000_firmware:3.216:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:mv1000:-:*:*:*:*:*:*:*

Configuration 24 (hide)

AND
cpe:2.3:o:gl-inet:n300_firmware:3.216:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:n300:-:*:*:*:*:*:*:*

Configuration 25 (hide)

AND
cpe:2.3:o:gl-inet:b2200_firmware:3.216:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:b2200:-:*:*:*:*:*:*:*

Configuration 26 (hide)

AND
cpe:2.3:o:gl-inet:x1200_firmware:3.203:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:x1200:-:*:*:*:*:*:*:*
History

18 Sep 2025, 16:27

Type Values Removed Values Added
References () https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Download_file_vulnerability.md - () https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Download_file_vulnerability.md - Third Party Advisory
References () https://gl-inet.com - () https://gl-inet.com - Product
CPE cpe:2.3:o:gl-inet:s1300_firmware:3.216:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:ax1800:-:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:x1200_firmware:3.203:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:x300b:-:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:ax1800_firmware:4.5.0:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:mv1000_firmware:3.216:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:s200:-:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:axt1800_firmware:4.5.0:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:ar300m16_firmware:4.3.10:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:xe300:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:mv1000:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:axt1800:-:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:x300b_firmware:3.217:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:xe300_firmware:4.3.7:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:mt1300_firmware:4.3.10:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:xe3000_firmware:4.4.4:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:mt2500:-:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:mt3000_firmware:4.5.0:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:xe3000:-:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:s200_firmware:4.1.4-0300:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:ar750s:-:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:mt300n-v2_firmware:4.3.10:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:s1300:-:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:mt2500_firmware:4.5.0:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:b2200:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:x3000:-:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:x750_firmware:4.3.7:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:sf1200:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:x750:-:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:b1300_firmware:4.3.10:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:b1300:-:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:ar300m_firmware:4.3.10:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:ar750s_firmware:4.3.10:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:ar300m16:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:a1300:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:x1200:-:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:x3000_firmware:4.4.5:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:ar300m:-:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:mt6000_firmware:4.5.5:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:n300_firmware:3.216:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:a1300_firmware:4.5.0:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:b2200_firmware:3.216:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:mt1300:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:mt3000:-:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:sft1200_firmware:4.37:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:ar750:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:mt300n-v2:-:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:sf1200_firmware:3.216:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:n300:-:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:ar750_firmware:4.3.10:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:sft1200:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:mt6000:-:*:*:*:*:*:*:*
First Time Gl-inet x300b
Gl-inet sf1200
Gl-inet mt2500 Firmware
Gl-inet ar300m
Gl-inet ar300m16 Firmware
Gl-inet axt1800
Gl-inet mt6000 Firmware
Gl-inet sf1200 Firmware
Gl-inet b2200
Gl-inet x3000 Firmware
Gl-inet b1300 Firmware
Gl-inet ar300m Firmware
Gl-inet ax1800
Gl-inet ar750s Firmware
Gl-inet ar750s
Gl-inet mt6000
Gl-inet mt3000 Firmware
Gl-inet mt300n-v2 Firmware
Gl-inet xe3000 Firmware
Gl-inet x1200 Firmware
Gl-inet s200
Gl-inet n300
Gl-inet s1300
Gl-inet mv1000
Gl-inet mt1300 Firmware
Gl-inet x3000
Gl-inet xe300
Gl-inet s200 Firmware
Gl-inet x750 Firmware
Gl-inet s1300 Firmware
Gl-inet b1300
Gl-inet ar300m16
Gl-inet axt1800 Firmware
Gl-inet mt1300
Gl-inet x750
Gl-inet ar750 Firmware
Gl-inet mt300n-v2
Gl-inet a1300 Firmware
Gl-inet mt3000
Gl-inet a1300
Gl-inet ar750
Gl-inet x1200
Gl-inet sft1200 Firmware
Gl-inet xe3000
Gl-inet sft1200
Gl-inet b2200 Firmware
Gl-inet ax1800 Firmware
Gl-inet mt2500
Gl-inet mv1000 Firmware
Gl-inet
Gl-inet x300b Firmware
Gl-inet n300 Firmware
Gl-inet xe300 Firmware

24 Mar 2025, 16:15

Type Values Removed Values Added
CWE CWE-200

21 Nov 2024, 09:04

Type Values Removed Values Added
References () https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Download_file_vulnerability.md - () https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Download_file_vulnerability.md -
References () https://gl-inet.com - () https://gl-inet.com -

07 Aug 2024, 18:35

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 7.5
Information

Published : 2024-02-27 01:15

Updated : 2025-09-18 16:27

NVD link : CVE-2024-27356

Mitre link : CVE-2024-27356

CVE.ORG link : CVE-2024-27356

JSON object : View

Products Affected

gl-inet

CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor