CVE-2024-39229 (GCVE-0-2024-39229)
Vulnerability from cvelistv5 – Published: 2024-08-06 00:00 – Updated: 2024-11-21 18:43
VLAI?
Summary
An issue in GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, XE3000/X3000 v4, and B2200/MV1000/MV1000W/USB150/N300/SF1200 v3.216 allows attackers to intercept communications via a man-in-the-middle attack when DDNS clients are reporting data to the server.
Severity ?
6.5 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-39229",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-08T15:41:13.508119Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-924",
"description": "CWE-924 Improper Enforcement of Message Integrity During Transmission in a Communication Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-21T18:43:08.245Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue in GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, XE3000/X3000 v4, and B2200/MV1000/MV1000W/USB150/N300/SF1200 v3.216 allows attackers to intercept communications via a man-in-the-middle attack when DDNS clients are reporting data to the server."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-15T15:34:59.730690",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/DDNS%20data%20is%20not%20encrypted.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-39229",
"datePublished": "2024-08-06T00:00:00",
"dateReserved": "2024-06-21T00:00:00",
"dateUpdated": "2024-11-21T18:43:08.245Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:gl-inet:mt6000_firmware:4.5.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"25FB0820-4ABA-4998-86BB-878B17468245\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:gl-inet:mt6000:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CCDE99A6-DA15-4E4B-8C60-CCB9D580BD82\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:gl-inet:a1300_firmware:4.5.16:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"72ECCE6C-E44B-4165-8FB6-55008C376274\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:gl-inet:a1300:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D6DBF472-E98E-4E00-B6A0-6D8FA1678AEA\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:gl-inet:x300b_firmware:4.5.16:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FBA22E2A-8C0B-44D4-917F-4A929C266AD3\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:gl-inet:x300b:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B2AA4BAC-C6D1-42C0-94E9-5B05AC24A235\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:gl-inet:ax1800_firmware:4.5.16:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C75FBC4F-7547-47F4-8577-FA31CF9A95EA\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:gl-inet:ax1800:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BCB312FD-370C-4DF9-961F-F0C4920AA368\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:gl-inet:axt1800_firmware:4.5.16:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"43114B40-C368-435A-91EC-B4666CC691CB\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:gl-inet:axt1800:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FF453954-BC32-4577-8CE4-066812193495\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:gl-inet:mt2500_firmware:4.5.16:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5222AC63-91C6-4B99-8FDD-2CCFD1CA66EF\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:gl-inet:mt2500:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3ADF5BF3-0F52-4947-8BC2-3505EDEEDF28\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:gl-inet:mt3000_firmware:4.5.16:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"70AC521D-2DE4-4B7F-846D-A945A5EC0931\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:gl-inet:mt3000:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AFF2DBFD-2AE0-41BC-B614-9836098119F4\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:gl-inet:x3000_firmware:4.4.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"95C80395-9A66-4952-8259-89623C5EC065\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:gl-inet:x3000:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9479FFAA-9C87-4530-884D-B96055A3D41C\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:gl-inet:xe3000_firmware:4.4.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1123CE79-1C08-4408-A19A-DC1A4E74DA91\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:gl-inet:xe3000:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"265EDD5D-B879-4E8A-A6DE-400BC6273A41\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:gl-inet:xe300_firmware:4.3.16:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"96241919-0E87-4966-B94F-58DA4DFDA607\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:gl-inet:xe300:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"57D82B62-F057-42A4-8530-86145AE91AC2\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:gl-inet:e750_firmware:4.3.12:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D99FD7EE-B736-452B-B0F4-B045592023B7\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:gl-inet:e750:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2D3590B0-7F4B-49C2-BE77-57AD27A91018\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:gl-inet:x750_firmware:4.3.11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"61925658-3785-4E1C-B1B3-2F88B3F5FE52\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:gl-inet:x750:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3D1EDFF0-F67C-4801-815C-309940BD7338\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:gl-inet:sft1200_firmware:4.3.11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2E77ACF4-385E-48CB-87FC-F631A04ACBE5\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:gl-inet:sft1200:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E656351D-E06E-435F-B1E5-34B89FD8B54B\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:gl-inet:ar300m_firmware:4.3.11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6FC51E4D-9784-4264-83BF-CB7DF70087E6\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:gl-inet:ar300m:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F040AC86-5D7A-4E57-B272-A425DDDE1698\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:gl-inet:ar300m16_firmware:4.3.11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FD9AA29E-C1C0-4F18-AB85-DA8285B74EE3\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:gl-inet:ar300m16:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FA3E349B-C40F-4DE6-B977-CF677B2F9814\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:gl-inet:ar750_firmware:4.3.11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3C49C8A1-EA3A-4954-95C1-7691EEF6A532\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:gl-inet:ar750:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"749A6936-392E-430C-ABD3-33D4C5B3D178\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:gl-inet:ar750s_firmware:4.3.11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E3AC5207-7130-4B6A-A8E3-763050749DFA\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:gl-inet:ar750s:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F18E5F1D-55CD-4F6A-A349-90DD27B29955\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:gl-inet:b1300_firmware:4.3.11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0D132DF3-58FC-4F9B-9518-B668A9564D97\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:gl-inet:b1300:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A47EFE3F-D217-469E-BEE6-5D78037C71C3\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:gl-inet:mt1300_firmware:4.3.11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8E513879-5A56-4B91-913D-7C68B7323B8C\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:gl-inet:mt1300:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5CECA41F-E807-4234-8C41-477DE132210E\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:gl-inet:mt300n-v2_firmware:4.3.11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"96D4CCC3-BFB2-449D-8947-FDDC722F15F6\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:gl-inet:mt300n-v2:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"797DD304-0AF8-4E2C-8F72-ADF31B8AD6F4\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:gl-inet:ap1300_firmware:3.217:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"24CFCB1B-1AA2-4D05-9545-D8864517F52E\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:gl-inet:ap1300:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"72D7EFDB-E10E-4D75-ABE2-CC3CE321F584\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:gl-inet:b2200_firmware:3.216:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C725432A-2F3B-46F9-B705-34ECC4299FED\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:gl-inet:b2200:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DBB4C645-59AA-4682-A487-C0DB2CF0A4F1\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:gl-inet:mv1000_firmware:3.216:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3C1BD239-D370-4F14-A6B2-2C078170ECEB\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:gl-inet:mv1000:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0FB8DF06-507E-4933-ABAD-1FB7D70CD3C2\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:gl-inet:mv1000w_firmware:3.216:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C6E3539B-172C-4AF3-AD1E-AED4937F1BB0\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:gl-inet:mv1000w:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"23E9E6FC-346D-4D58-BD4E-84A81722A155\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:gl-inet:usb150_firmware:3.216:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FABD5B0B-9763-4020-8858-1B67FACB125A\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:gl-inet:usb150:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DCBDE54D-5475-41A6-8E17-EFF445B3C2F1\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:gl-inet:sf1200_firmware:3.216:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0C5D0C75-04DE-4315-9980-E8F31AE6F261\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:gl-inet:sf1200:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"40F5BAAA-AE8C-41F3-8C41-B0223BDB4314\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:gl-inet:n300_firmware:3.216:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AF760DF0-D192-4FF8-BC24-F9F71EA365F6\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:gl-inet:n300:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F805B376-E08F-4D66-A301-59EF92E4082B\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:gl-inet:s1300_firmware:3.216:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F83CD9FC-F9BE-4B76-B387-AA2588631780\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:gl-inet:s1300:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D8B6BB55-8107-490B-90FD-F7EE3A89C7D9\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"An issue in GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, XE3000/X3000 v4, and B2200/MV1000/MV1000W/USB150/N300/SF1200 v3.216 allows attackers to intercept communications via a man-in-the-middle attack when DDNS clients are reporting data to the server.\"}, {\"lang\": \"es\", \"value\": \"Un problema en los productos GL-iNet AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, XE3000/X3000 v4 y B2200/MV1000/MV1000W/USB150/N300/SF1200 v3.216 permiten a los atacantes interceptar comunicaciones a trav\\u00e9s de un ataque de intermediario cuando los clientes DDNS est\\u00e1n reportando datos al servidor.\"}]",
"id": "CVE-2024-39229",
"lastModified": "2024-11-21T19:15:09.887",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N\", \"baseScore\": 5.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 1.6, \"impactScore\": 3.6}, {\"source\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 2.5}]}",
"published": "2024-08-06T17:15:54.027",
"references": "[{\"url\": \"https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/DDNS%20data%20is%20not%20encrypted.md\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}]",
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}, {\"source\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-924\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-39229\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2024-08-06T17:15:54.027\",\"lastModified\":\"2024-11-21T19:15:09.887\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An issue in GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, XE3000/X3000 v4, and B2200/MV1000/MV1000W/USB150/N300/SF1200 v3.216 allows attackers to intercept communications via a man-in-the-middle attack when DDNS clients are reporting data to the server.\"},{\"lang\":\"es\",\"value\":\"Un problema en los productos GL-iNet AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, XE3000/X3000 v4 y B2200/MV1000/MV1000W/USB150/N300/SF1200 v3.216 permiten a los atacantes interceptar comunicaciones a trav\u00e9s de un ataque de intermediario cuando los clientes DDNS est\u00e1n reportando datos al servidor.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.6,\"impactScore\":3.6},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":2.5}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-924\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:gl-inet:mt6000_firmware:4.5.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"25FB0820-4ABA-4998-86BB-878B17468245\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:gl-inet:mt6000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CCDE99A6-DA15-4E4B-8C60-CCB9D580BD82\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:gl-inet:a1300_firmware:4.5.16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"72ECCE6C-E44B-4165-8FB6-55008C376274\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:gl-inet:a1300:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D6DBF472-E98E-4E00-B6A0-6D8FA1678AEA\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:gl-inet:x300b_firmware:4.5.16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FBA22E2A-8C0B-44D4-917F-4A929C266AD3\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:gl-inet:x300b:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B2AA4BAC-C6D1-42C0-94E9-5B05AC24A235\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:gl-inet:ax1800_firmware:4.5.16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C75FBC4F-7547-47F4-8577-FA31CF9A95EA\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:gl-inet:ax1800:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BCB312FD-370C-4DF9-961F-F0C4920AA368\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:gl-inet:axt1800_firmware:4.5.16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"43114B40-C368-435A-91EC-B4666CC691CB\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:gl-inet:axt1800:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FF453954-BC32-4577-8CE4-066812193495\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:gl-inet:mt2500_firmware:4.5.16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5222AC63-91C6-4B99-8FDD-2CCFD1CA66EF\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:gl-inet:mt2500:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3ADF5BF3-0F52-4947-8BC2-3505EDEEDF28\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:gl-inet:mt3000_firmware:4.5.16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"70AC521D-2DE4-4B7F-846D-A945A5EC0931\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:gl-inet:mt3000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AFF2DBFD-2AE0-41BC-B614-9836098119F4\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:gl-inet:x3000_firmware:4.4.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"95C80395-9A66-4952-8259-89623C5EC065\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:gl-inet:x3000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9479FFAA-9C87-4530-884D-B96055A3D41C\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:gl-inet:xe3000_firmware:4.4.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1123CE79-1C08-4408-A19A-DC1A4E74DA91\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:gl-inet:xe3000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"265EDD5D-B879-4E8A-A6DE-400BC6273A41\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:gl-inet:xe300_firmware:4.3.16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"96241919-0E87-4966-B94F-58DA4DFDA607\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:gl-inet:xe300:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"57D82B62-F057-42A4-8530-86145AE91AC2\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:gl-inet:e750_firmware:4.3.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D99FD7EE-B736-452B-B0F4-B045592023B7\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:gl-inet:e750:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2D3590B0-7F4B-49C2-BE77-57AD27A91018\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:gl-inet:x750_firmware:4.3.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"61925658-3785-4E1C-B1B3-2F88B3F5FE52\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:gl-inet:x750:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3D1EDFF0-F67C-4801-815C-309940BD7338\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:gl-inet:sft1200_firmware:4.3.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2E77ACF4-385E-48CB-87FC-F631A04ACBE5\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:gl-inet:sft1200:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E656351D-E06E-435F-B1E5-34B89FD8B54B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:gl-inet:ar300m_firmware:4.3.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6FC51E4D-9784-4264-83BF-CB7DF70087E6\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:gl-inet:ar300m:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F040AC86-5D7A-4E57-B272-A425DDDE1698\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:gl-inet:ar300m16_firmware:4.3.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FD9AA29E-C1C0-4F18-AB85-DA8285B74EE3\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:gl-inet:ar300m16:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA3E349B-C40F-4DE6-B977-CF677B2F9814\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:gl-inet:ar750_firmware:4.3.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3C49C8A1-EA3A-4954-95C1-7691EEF6A532\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:gl-inet:ar750:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"749A6936-392E-430C-ABD3-33D4C5B3D178\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:gl-inet:ar750s_firmware:4.3.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E3AC5207-7130-4B6A-A8E3-763050749DFA\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:gl-inet:ar750s:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F18E5F1D-55CD-4F6A-A349-90DD27B29955\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:gl-inet:b1300_firmware:4.3.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0D132DF3-58FC-4F9B-9518-B668A9564D97\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:gl-inet:b1300:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A47EFE3F-D217-469E-BEE6-5D78037C71C3\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:gl-inet:mt1300_firmware:4.3.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8E513879-5A56-4B91-913D-7C68B7323B8C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:gl-inet:mt1300:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5CECA41F-E807-4234-8C41-477DE132210E\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:gl-inet:mt300n-v2_firmware:4.3.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"96D4CCC3-BFB2-449D-8947-FDDC722F15F6\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:gl-inet:mt300n-v2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"797DD304-0AF8-4E2C-8F72-ADF31B8AD6F4\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:gl-inet:ap1300_firmware:3.217:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"24CFCB1B-1AA2-4D05-9545-D8864517F52E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:gl-inet:ap1300:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"72D7EFDB-E10E-4D75-ABE2-CC3CE321F584\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:gl-inet:b2200_firmware:3.216:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C725432A-2F3B-46F9-B705-34ECC4299FED\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:gl-inet:b2200:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DBB4C645-59AA-4682-A487-C0DB2CF0A4F1\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:gl-inet:mv1000_firmware:3.216:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3C1BD239-D370-4F14-A6B2-2C078170ECEB\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:gl-inet:mv1000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0FB8DF06-507E-4933-ABAD-1FB7D70CD3C2\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:gl-inet:mv1000w_firmware:3.216:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C6E3539B-172C-4AF3-AD1E-AED4937F1BB0\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:gl-inet:mv1000w:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"23E9E6FC-346D-4D58-BD4E-84A81722A155\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:gl-inet:usb150_firmware:3.216:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FABD5B0B-9763-4020-8858-1B67FACB125A\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:gl-inet:usb150:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DCBDE54D-5475-41A6-8E17-EFF445B3C2F1\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:gl-inet:sf1200_firmware:3.216:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0C5D0C75-04DE-4315-9980-E8F31AE6F261\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:gl-inet:sf1200:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"40F5BAAA-AE8C-41F3-8C41-B0223BDB4314\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:gl-inet:n300_firmware:3.216:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AF760DF0-D192-4FF8-BC24-F9F71EA365F6\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:gl-inet:n300:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F805B376-E08F-4D66-A301-59EF92E4082B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:gl-inet:s1300_firmware:3.216:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F83CD9FC-F9BE-4B76-B387-AA2588631780\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:gl-inet:s1300:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D8B6BB55-8107-490B-90FD-F7EE3A89C7D9\"}]}]}],\"references\":[{\"url\":\"https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/DDNS%20data%20is%20not%20encrypted.md\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-39229\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-08-08T15:41:13.508119Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-924\", \"description\": \"CWE-924 Improper Enforcement of Message Integrity During Transmission in a Communication Channel\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-08-08T15:38:49.761Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"references\": [{\"url\": \"https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/DDNS%20data%20is%20not%20encrypted.md\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"An issue in GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, XE3000/X3000 v4, and B2200/MV1000/MV1000W/USB150/N300/SF1200 v3.216 allows attackers to intercept communications via a man-in-the-middle attack when DDNS clients are reporting data to the server.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2024-08-15T15:34:59.730690\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-39229\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-11-21T18:43:08.245Z\", \"dateReserved\": \"2024-06-21T00:00:00\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2024-08-06T00:00:00\", \"assignerShortName\": \"mitre\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…