Lucene search

[email protected]NVD:CVE-2024-28077

HistoryAug 26, 2024 - 8:15 p.m.

CVE-2024-28077

2024-08-2620:15:07

[email protected]

web.nvd.nist.gov

denial of service

gl-inet

devices

ddns

session management

vulnerability

ip addresses

ports

crash

mt6000

xe3000

x3000

mt3000

mt2500

axt1800

ax1800

a1300

s200

x750

sft1200

mt1300

ar750

ar750s

ar300m

ar300m16

b1300

mt300n-v2

xe300

cve-2024-28077

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

17.7%

JSON

A denial-of-service issue was discovered on certain GL-iNet devices. Some websites can detect devices exposed to the external network through DDNS, and consequently obtain the IP addresses and ports of devices that are exposed. By using special usernames and special characters (such as half parentheses or square brackets), one can call the login interface and cause the session-management program to crash, resulting in customers being unable to log into their devices. This affects MT6000 4.5.6, XE3000 4.4.5, X3000 4.4.6, MT3000 4.5.0, MT2500 4.5.0, AXT1800 4.5.0, AX1800 4.5.0, A1300 4.5.0, S200 4.1.4-0300, X750 4.3.7, SFT1200 4.3.7, MT1300 4.3.10, AR750 4.3.10, AR750S 4.3.10, AR300M 4.3.10, AR300M16 4.3.10, B1300 4.3.10, MT300N-V2 4.3.10, and XE300 4.3.16.

Affected configurations

Nvd

Node

gl-inetmt6000_firmwareMatch4.5.6

AND

gl-inetmt6000Match-

Node

gl-inetx3000_firmwareMatch4.4.6

AND

gl-inetx3000Match-

Node

gl-inetxe3000_firmwareMatch4.4.4

AND

gl-inetxe3000Match-

Node

gl-ineta1300_firmwareMatch4.5.0

AND

gl-ineta1300Match-

Node

gl-inetax1800_firmwareMatch4.5.0

AND

gl-inetax1800Match-

Node

gl-inetaxt1800_firmwareMatch4.5.0

AND

gl-inetaxt1800Match-

Node

gl-inetmt2500_firmwareMatch4.5.0

AND

gl-inetmt2500Match-

Node

gl-inetmt3000_firmwareMatch4.5.0

AND

gl-inetmt3000Match-

Node

gl-inetxe300_firmwareMatch4.3.16

AND

gl-inetxe300Match-

Node

gl-inetx750_firmwareMatch4.3.7

AND

gl-inetx750Match-

Node

gl-inetsft1200_firmwareMatch4.3.7

AND

gl-inetsft1200Match-

Node

gl-inetar300m_firmwareMatch4.3.10

AND

gl-inetar300mMatch-

Node

gl-inetar300m16_firmwareMatch4.3.10

AND

gl-inetar300m16Match-

Node

gl-inetar750_firmwareMatch4.3.10

AND

gl-inetar750Match-

Node

gl-inetar750s_firmwareMatch4.3.10

AND

gl-inetar750sMatch-

Node

gl-inetb1300_firmwareMatch4.3.10

AND

gl-inetb1300Match-

Node

gl-inetmt1300_firmwareMatch4.3.10

AND

gl-inetmt1300Match-

Node

gl-inetmt300n-v2_firmwareMatch4.3.10

AND

gl-inetmt300n-v2Match-

VendorProductVersionCPE
gl-inetmt6000_firmware4.5.6cpe:2.3:o:gl-inet:mt6000_firmware:4.5.6:*:*:*:*:*:*:*
gl-inetmt6000-cpe:2.3:h:gl-inet:mt6000:-:*:*:*:*:*:*:*
gl-inetx3000_firmware4.4.6cpe:2.3:o:gl-inet:x3000_firmware:4.4.6:*:*:*:*:*:*:*
gl-inetx3000-cpe:2.3:h:gl-inet:x3000:-:*:*:*:*:*:*:*
gl-inetxe3000_firmware4.4.4cpe:2.3:o:gl-inet:xe3000_firmware:4.4.4:*:*:*:*:*:*:*
gl-inetxe3000-cpe:2.3:h:gl-inet:xe3000:-:*:*:*:*:*:*:*
gl-ineta1300_firmware4.5.0cpe:2.3:o:gl-inet:a1300_firmware:4.5.0:*:*:*:*:*:*:*
gl-ineta1300-cpe:2.3:h:gl-inet:a1300:-:*:*:*:*:*:*:*
gl-inetax1800_firmware4.5.0cpe:2.3:o:gl-inet:ax1800_firmware:4.5.0:*:*:*:*:*:*:*
gl-inetax1800-cpe:2.3:h:gl-inet:ax1800:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
gl-inet	mt6000_firmware	4.5.6	cpe:2.3:o:gl-inet:mt6000_firmware:4.5.6:::::::*
gl-inet	mt6000	-	cpe:2.3:h:gl-inet:mt6000:-:::::::*
gl-inet	x3000_firmware	4.4.6	cpe:2.3:o:gl-inet:x3000_firmware:4.4.6:::::::*
gl-inet	x3000	-	cpe:2.3:h:gl-inet:x3000:-:::::::*
gl-inet	xe3000_firmware	4.4.4	cpe:2.3:o:gl-inet:xe3000_firmware:4.4.4:::::::*
gl-inet	xe3000	-	cpe:2.3:h:gl-inet:xe3000:-:::::::*
gl-inet	a1300_firmware	4.5.0	cpe:2.3:o:gl-inet:a1300_firmware:4.5.0:::::::*
gl-inet	a1300	-	cpe:2.3:h:gl-inet:a1300:-:::::::*
gl-inet	ax1800_firmware	4.5.0	cpe:2.3:o:gl-inet:ax1800_firmware:4.5.0:::::::*
gl-inet	ax1800	-	cpe:2.3:h:gl-inet:ax1800:-:::::::*

Rows per page:

1-10 of 361

References

github.com/gl-inet/CVE-issues/blob/main/4.0.0/Denial%20of%20service.md

gl-inet.com

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

17.7%

JSON

Related for NVD:CVE-2024-28077

cvelist1 vulnrichment1 cve1