{"id": "CVE-2024-39227", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "
[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2024-08-06T17:15:53.943", "references": [{"url": "https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Access%20to%20the%20C%20library%20without%20logging%20in.md", "tags": ["Exploit", "Third Party Advisory"], "source": "
[email protected]"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "
[email protected]", "description": [{"lang": "en", "value": "CWE-74"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-75"}]}], "descriptions": [{"lang": "en", "value": "GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain insecure permissions in the endpoint /cgi-bin/glc. This vulnerability allows unauthenticated attackers to execute arbitrary code or possibly a directory traversal via crafted JSON data."}, {"lang": "es", "value": "Productos GL-iNet AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4. 3.16, E750 v4. 3.12, AP1300/S1300 v4.3.13 y XE3000/X3000 v4.4 conten\u00edan una vulnerabilidad de inyecci\u00f3n de shell a trav\u00e9s de la interfaz check_ovpn_client_config."}], "lastModified": "2024-08-15T16:15:19.650", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:gl-inet:mt6000_firmware:4.5.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "25FB0820-4ABA-4998-86BB-878B17468245"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:gl-inet:mt6000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "CCDE99A6-DA15-4E4B-8C60-CCB9D580BD82"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:gl-inet:a1300_firmware:4.5.16:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "72ECCE6C-E44B-4165-8FB6-55008C376274"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:gl-inet:a1300:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D6DBF472-E98E-4E00-B6A0-6D8FA1678AEA"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:gl-inet:x300b_firmware:4.5.16:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FBA22E2A-8C0B-44D4-917F-4A929C266AD3"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:gl-inet:x300b:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B2AA4BAC-C6D1-42C0-94E9-5B05AC24A235"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:gl-inet:ax1800_firmware:4.5.16:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C75FBC4F-7547-47F4-8577-FA31CF9A95EA"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:gl-inet:ax1800:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "BCB312FD-370C-4DF9-961F-F0C4920AA368"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:gl-inet:axt1800_firmware:4.5.16:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "43114B40-C368-435A-91EC-B4666CC691CB"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:gl-inet:axt1800:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "FF453954-BC32-4577-8CE4-066812193495"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:gl-inet:mt2500_firmware:4.5.16:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5222AC63-91C6-4B99-8FDD-2CCFD1CA66EF"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:gl-inet:mt2500:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3ADF5BF3-0F52-4947-8BC2-3505EDEEDF28"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:gl-inet:mt3000_firmware:4.5.16:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "70AC521D-2DE4-4B7F-846D-A945A5EC0931"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:gl-inet:mt3000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "AFF2DBFD-2AE0-41BC-B614-9836098119F4"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:gl-inet:x3000_firmware:4.4.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "95C80395-9A66-4952-8259-89623C5EC065"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:gl-inet:x3000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9479FFAA-9C87-4530-884D-B96055A3D41C"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:gl-inet:xe3000_firmware:4.4.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1123CE79-1C08-4408-A19A-DC1A4E74DA91"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:gl-inet:xe3000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "265EDD5D-B879-4E8A-A6DE-400BC6273A41"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:gl-inet:xe300_firmware:4.3.16:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "96241919-0E87-4966-B94F-58DA4DFDA607"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:gl-inet:xe300:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "57D82B62-F057-42A4-8530-86145AE91AC2"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:gl-inet:e750_firmware:4.3.12:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D99FD7EE-B736-452B-B0F4-B045592023B7"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:gl-inet:e750:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2D3590B0-7F4B-49C2-BE77-57AD27A91018"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:gl-inet:x750_firmware:4.3.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "61925658-3785-4E1C-B1B3-2F88B3F5FE52"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:gl-inet:x750:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3D1EDFF0-F67C-4801-815C-309940BD7338"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:gl-inet:sft1200_firmware:4.3.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2E77ACF4-385E-48CB-87FC-F631A04ACBE5"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:gl-inet:sft1200:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E656351D-E06E-435F-B1E5-34B89FD8B54B"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:gl-inet:ar300m_firmware:4.3.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6FC51E4D-9784-4264-83BF-CB7DF70087E6"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:gl-inet:ar300m:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F040AC86-5D7A-4E57-B272-A425DDDE1698"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:gl-inet:ar300m16_firmware:4.3.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FD9AA29E-C1C0-4F18-AB85-DA8285B74EE3"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:gl-inet:ar300m16:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "FA3E349B-C40F-4DE6-B977-CF677B2F9814"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:gl-inet:ar750_firmware:4.3.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3C49C8A1-EA3A-4954-95C1-7691EEF6A532"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:gl-inet:ar750:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "749A6936-392E-430C-ABD3-33D4C5B3D178"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:gl-inet:ar750s_firmware:4.3.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E3AC5207-7130-4B6A-A8E3-763050749DFA"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:gl-inet:ar750s:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F18E5F1D-55CD-4F6A-A349-90DD27B29955"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:gl-inet:b1300_firmware:4.3.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0D132DF3-58FC-4F9B-9518-B668A9564D97"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:gl-inet:b1300:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A47EFE3F-D217-469E-BEE6-5D78037C71C3"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:gl-inet:mt1300_firmware:4.3.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8E513879-5A56-4B91-913D-7C68B7323B8C"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:gl-inet:mt1300:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5CECA41F-E807-4234-8C41-477DE132210E"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:gl-inet:mt300n-v2_firmware:4.3.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "96D4CCC3-BFB2-449D-8947-FDDC722F15F6"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:gl-inet:mt300n-v2:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "797DD304-0AF8-4E2C-8F72-ADF31B8AD6F4"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:gl-inet:ap1300_firmware:3.217:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "24CFCB1B-1AA2-4D05-9545-D8864517F52E"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:gl-inet:ap1300:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "72D7EFDB-E10E-4D75-ABE2-CC3CE321F584"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:gl-inet:b2200_firmware:3.216:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C725432A-2F3B-46F9-B705-34ECC4299FED"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:gl-inet:b2200:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "DBB4C645-59AA-4682-A487-C0DB2CF0A4F1"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:gl-inet:mv1000_firmware:3.216:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3C1BD239-D370-4F14-A6B2-2C078170ECEB"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:gl-inet:mv1000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "0FB8DF06-507E-4933-ABAD-1FB7D70CD3C2"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:gl-inet:mv1000w_firmware:3.216:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C6E3539B-172C-4AF3-AD1E-AED4937F1BB0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:gl-inet:mv1000w:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "23E9E6FC-346D-4D58-BD4E-84A81722A155"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:gl-inet:usb150_firmware:3.216:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FABD5B0B-9763-4020-8858-1B67FACB125A"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:gl-inet:usb150:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "DCBDE54D-5475-41A6-8E17-EFF445B3C2F1"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:gl-inet:sf1200_firmware:3.216:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0C5D0C75-04DE-4315-9980-E8F31AE6F261"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:gl-inet:sf1200:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "40F5BAAA-AE8C-41F3-8C41-B0223BDB4314"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:gl-inet:n300_firmware:3.216:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AF760DF0-D192-4FF8-BC24-F9F71EA365F6"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:gl-inet:n300:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F805B376-E08F-4D66-A301-59EF92E4082B"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:gl-inet:s1300_firmware:3.216:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F83CD9FC-F9BE-4B76-B387-AA2588631780"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:gl-inet:s1300:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D8B6BB55-8107-490B-90FD-F7EE3A89C7D9"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "
[email protected]"}
