FKIE_CVE-2024-28077
Vulnerability from fkie_nvd - Published: 2024-08-26 20:15 - Updated: 2025-03-14 14:15
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
A denial-of-service issue was discovered on certain GL-iNet devices. Some websites can detect devices exposed to the external network through DDNS, and consequently obtain the IP addresses and ports of devices that are exposed. By using special usernames and special characters (such as half parentheses or square brackets), one can call the login interface and cause the session-management program to crash, resulting in customers being unable to log into their devices. This affects MT6000 4.5.6, XE3000 4.4.5, X3000 4.4.6, MT3000 4.5.0, MT2500 4.5.0, AXT1800 4.5.0, AX1800 4.5.0, A1300 4.5.0, S200 4.1.4-0300, X750 4.3.7, SFT1200 4.3.7, MT1300 4.3.10, AR750 4.3.10, AR750S 4.3.10, AR300M 4.3.10, AR300M16 4.3.10, B1300 4.3.10, MT300N-V2 4.3.10, and XE300 4.3.16.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Denial%20of%20service.md | Third Party Advisory | |
| cve@mitre.org | https://gl-inet.com | Product |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| gl-inet | mt6000_firmware | 4.5.6 | |
| gl-inet | mt6000 | - | |
| gl-inet | x3000_firmware | 4.4.6 | |
| gl-inet | x3000 | - | |
| gl-inet | xe3000_firmware | 4.4.4 | |
| gl-inet | xe3000 | - | |
| gl-inet | a1300_firmware | 4.5.0 | |
| gl-inet | a1300 | - | |
| gl-inet | ax1800_firmware | 4.5.0 | |
| gl-inet | ax1800 | - | |
| gl-inet | axt1800_firmware | 4.5.0 | |
| gl-inet | axt1800 | - | |
| gl-inet | mt2500_firmware | 4.5.0 | |
| gl-inet | mt2500 | - | |
| gl-inet | mt3000_firmware | 4.5.0 | |
| gl-inet | mt3000 | - | |
| gl-inet | xe300_firmware | 4.3.16 | |
| gl-inet | xe300 | - | |
| gl-inet | x750_firmware | 4.3.7 | |
| gl-inet | x750 | - | |
| gl-inet | sft1200_firmware | 4.3.7 | |
| gl-inet | sft1200 | - | |
| gl-inet | ar300m_firmware | 4.3.10 | |
| gl-inet | ar300m | - | |
| gl-inet | ar300m16_firmware | 4.3.10 | |
| gl-inet | ar300m16 | - | |
| gl-inet | ar750_firmware | 4.3.10 | |
| gl-inet | ar750 | - | |
| gl-inet | ar750s_firmware | 4.3.10 | |
| gl-inet | ar750s | - | |
| gl-inet | b1300_firmware | 4.3.10 | |
| gl-inet | b1300 | - | |
| gl-inet | mt1300_firmware | 4.3.10 | |
| gl-inet | mt1300 | - | |
| gl-inet | mt300n-v2_firmware | 4.3.10 | |
| gl-inet | mt300n-v2 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:gl-inet:mt6000_firmware:4.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5C1C6413-DB3D-4B14-9246-38AA5103615D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:gl-inet:mt6000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CCDE99A6-DA15-4E4B-8C60-CCB9D580BD82",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:gl-inet:x3000_firmware:4.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "861A5EB1-2DFF-479C-9202-590DB6E796C9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:gl-inet:x3000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9479FFAA-9C87-4530-884D-B96055A3D41C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:gl-inet:xe3000_firmware:4.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "FB3DD919-EC2B-44CF-AEBD-4EA5A0D52552",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:gl-inet:xe3000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "265EDD5D-B879-4E8A-A6DE-400BC6273A41",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:gl-inet:a1300_firmware:4.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CD782342-ED71-4BD6-97EB-330F14991957",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:gl-inet:a1300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D6DBF472-E98E-4E00-B6A0-6D8FA1678AEA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:gl-inet:ax1800_firmware:4.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5AE60C1C-957D-472A-BB66-21DA80B97099",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:gl-inet:ax1800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BCB312FD-370C-4DF9-961F-F0C4920AA368",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:gl-inet:axt1800_firmware:4.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AED7B3A1-7DEB-4DB0-AA6E-7D27434BD2CD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:gl-inet:axt1800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FF453954-BC32-4577-8CE4-066812193495",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:gl-inet:mt2500_firmware:4.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9C4B6800-8A1B-4522-B5E0-9CC4C09DBA2A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:gl-inet:mt2500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3ADF5BF3-0F52-4947-8BC2-3505EDEEDF28",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:gl-inet:mt3000_firmware:4.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "79D3F6BA-60D2-495A-8C74-7E74D3DB25A7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:gl-inet:mt3000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AFF2DBFD-2AE0-41BC-B614-9836098119F4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:gl-inet:xe300_firmware:4.3.16:*:*:*:*:*:*:*",
"matchCriteriaId": "96241919-0E87-4966-B94F-58DA4DFDA607",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:gl-inet:xe300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "57D82B62-F057-42A4-8530-86145AE91AC2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:gl-inet:x750_firmware:4.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "0CB74B0F-E141-403A-B480-5B48B9040D4E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:gl-inet:x750:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3D1EDFF0-F67C-4801-815C-309940BD7338",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:gl-inet:sft1200_firmware:4.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "9AE590D9-C0AB-4E3E-8E03-DBF12445AA0B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:gl-inet:sft1200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E656351D-E06E-435F-B1E5-34B89FD8B54B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:gl-inet:ar300m_firmware:4.3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "E53CE790-1466-4BB0-933B-33B531C0DD55",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:gl-inet:ar300m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F040AC86-5D7A-4E57-B272-A425DDDE1698",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:gl-inet:ar300m16_firmware:4.3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "83E73FCD-31F7-4BE9-8D16-FB4FDAC685BF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:gl-inet:ar300m16:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FA3E349B-C40F-4DE6-B977-CF677B2F9814",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:gl-inet:ar750_firmware:4.3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "993B06A2-2BB4-4EBC-904E-802001D9DFEC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:gl-inet:ar750:-:*:*:*:*:*:*:*",
"matchCriteriaId": "749A6936-392E-430C-ABD3-33D4C5B3D178",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:gl-inet:ar750s_firmware:4.3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "AD8F61AA-DE3B-44DC-AE73-7D8E807F918E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:gl-inet:ar750s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F18E5F1D-55CD-4F6A-A349-90DD27B29955",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:gl-inet:b1300_firmware:4.3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "5C1EDB92-F871-4F92-B5CB-9DE24A908D8C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:gl-inet:b1300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A47EFE3F-D217-469E-BEE6-5D78037C71C3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:gl-inet:mt1300_firmware:4.3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "CE0558E6-FAC8-4569-9AA4-C96823E591C8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:gl-inet:mt1300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5CECA41F-E807-4234-8C41-477DE132210E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:gl-inet:mt300n-v2_firmware:4.3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "F5BB0698-5585-4511-88EA-7C265EF22F10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:gl-inet:mt300n-v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "797DD304-0AF8-4E2C-8F72-ADF31B8AD6F4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A denial-of-service issue was discovered on certain GL-iNet devices. Some websites can detect devices exposed to the external network through DDNS, and consequently obtain the IP addresses and ports of devices that are exposed. By using special usernames and special characters (such as half parentheses or square brackets), one can call the login interface and cause the session-management program to crash, resulting in customers being unable to log into their devices. This affects MT6000 4.5.6, XE3000 4.4.5, X3000 4.4.6, MT3000 4.5.0, MT2500 4.5.0, AXT1800 4.5.0, AX1800 4.5.0, A1300 4.5.0, S200 4.1.4-0300, X750 4.3.7, SFT1200 4.3.7, MT1300 4.3.10, AR750 4.3.10, AR750S 4.3.10, AR300M 4.3.10, AR300M16 4.3.10, B1300 4.3.10, MT300N-V2 4.3.10, and XE300 4.3.16."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema de denegaci\u00f3n de servicio en ciertos dispositivos GL-iNet. Algunos sitios web pueden detectar dispositivos expuestos a la red externa a trav\u00e9s de DDNS y, en consecuencia, obtener las direcciones IP y los puertos de los dispositivos que est\u00e1n expuestos. Al utilizar nombres de usuario especiales y caracteres especiales (como medio par\u00e9ntesis o corchetes), se puede llamar a la interfaz de inicio de sesi\u00f3n y provocar que el programa de administraci\u00f3n de sesiones falle, lo que provocar\u00e1 que los clientes no puedan iniciar sesi\u00f3n en sus dispositivos. Esto afecta a MT6000 4.5.6, XE3000 4.4.5, X3000 4.4.6, MT3000 4.5.0, MT2500 4.5.0, AXT1800 4.5.0, AX1800 4.5.0, A1300 4.5.0, S200 4.1.4-0300, X750 4.3.7, SFT1200 4.3.7, MT1300 4.3.10, AR750 4.3.10, AR750S 4.3.10, AR300M 4.3.10, AR300M16 4.3.10, B1300 4.3.10, MT300N-V2 4.3.10 y XE300 4 .3. 16."
}
],
"id": "CVE-2024-28077",
"lastModified": "2025-03-14T14:15:14.653",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-08-26T20:15:07.733",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Denial%20of%20service.md"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://gl-inet.com"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…