1. Home
  2. CVE Database
  3. CVE-2024-27356
HIGH · 7.5

CVE-2024-27356

An issue was discovered on certain GL-iNet devices. Attackers can download files such as logs via commands, potentially obtaining critical user information. This affects MT6000 4.5.5, XE3000 4.4.4, X3...

Vulnerability Description

An issue was discovered on certain GL-iNet devices. Attackers can download files such as logs via commands, potentially obtaining critical user information. This affects MT6000 4.5.5, XE3000 4.4.4, X3000 4.4.5, MT3000 4.5.0, MT2500 4.5.0, AXT1800 4.5.0, AX1800 4.5.0, A1300 4.5.0, S200 4.1.4-0300, X750 4.3.7, SFT1200 4.3.7, XE300 4.3.7, MT1300 4.3.10, AR750 4.3.10, AR750S 4.3.10, AR300M 4.3.10, AR300M16 4.3.10, B1300 4.3.10, MT300N-v2 4.3.10, X300B 3.217, S1300 3.216, SF1200 3.216, MV1000 3.216, N300 3.216, B2200 3.216, and X1200 3.203.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
NONE
Availability
NONE

Affected Products

VendorProductVersions
Gl-InetMt6000 Firmware4.5.5
Gl-InetMt6000-
Gl-InetXe3000 Firmware4.4.4
Gl-InetXe3000-
Gl-InetX3000 Firmware4.4.5
Gl-InetX3000-
Gl-InetMt3000 Firmware4.5.0
Gl-InetMt3000-
Gl-InetMt2500 Firmware4.5.0
Gl-InetMt2500-
Gl-InetAxt1800 Firmware4.5.0
Gl-InetAxt1800-
Gl-InetAx1800 Firmware4.5.0
Gl-InetAx1800-
Gl-InetA1300 Firmware4.5.0
Gl-InetA1300-
Gl-InetS200 Firmware4.1.4-0300
Gl-InetS200-
Gl-InetX750 Firmware4.3.7
Gl-InetX750-

Related Weaknesses (CWE)

CWE-200

References

FAQ

What is CVE-2024-27356?

CVE-2024-27356 is a vulnerability with a CVSS score of 7.5 (HIGH). An issue was discovered on certain GL-iNet devices. Attackers can download files such as logs via commands, potentially obtaining critical user information. This affects MT6000 4.5.5, XE3000 4.4.4, X3...

How severe is CVE-2024-27356?

CVE-2024-27356 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-27356?

Check the references section above for vendor advisories and patch information. Affected products include: Gl-Inet Mt6000 Firmware, Gl-Inet Mt6000, Gl-Inet Xe3000 Firmware, Gl-Inet Xe3000, Gl-Inet X3000 Firmware.