1. Home
  2. CVE Database
  3. CVE-2024-28077
HIGH · 7.5

CVE-2024-28077

A denial-of-service issue was discovered on certain GL-iNet devices. Some websites can detect devices exposed to the external network through DDNS, and consequently obtain the IP addresses and ports o...

Vulnerability Description

A denial-of-service issue was discovered on certain GL-iNet devices. Some websites can detect devices exposed to the external network through DDNS, and consequently obtain the IP addresses and ports of devices that are exposed. By using special usernames and special characters (such as half parentheses or square brackets), one can call the login interface and cause the session-management program to crash, resulting in customers being unable to log into their devices. This affects MT6000 4.5.6, XE3000 4.4.5, X3000 4.4.6, MT3000 4.5.0, MT2500 4.5.0, AXT1800 4.5.0, AX1800 4.5.0, A1300 4.5.0, S200 4.1.4-0300, X750 4.3.7, SFT1200 4.3.7, MT1300 4.3.10, AR750 4.3.10, AR750S 4.3.10, AR300M 4.3.10, AR300M16 4.3.10, B1300 4.3.10, MT300N-V2 4.3.10, and XE300 4.3.16.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
NONE
Integrity
NONE
Availability
HIGH

Affected Products

VendorProductVersions
Gl-InetMt6000 Firmware4.5.6
Gl-InetMt6000-
Gl-InetX3000 Firmware4.4.6
Gl-InetX3000-
Gl-InetXe3000 Firmware4.4.4
Gl-InetXe3000-
Gl-InetA1300 Firmware4.5.0
Gl-InetA1300-
Gl-InetAx1800 Firmware4.5.0
Gl-InetAx1800-
Gl-InetAxt1800 Firmware4.5.0
Gl-InetAxt1800-
Gl-InetMt2500 Firmware4.5.0
Gl-InetMt2500-
Gl-InetMt3000 Firmware4.5.0
Gl-InetMt3000-
Gl-InetXe300 Firmware4.3.16
Gl-InetXe300-
Gl-InetX750 Firmware4.3.7
Gl-InetX750-

References

FAQ

What is CVE-2024-28077?

CVE-2024-28077 is a vulnerability with a CVSS score of 7.5 (HIGH). A denial-of-service issue was discovered on certain GL-iNet devices. Some websites can detect devices exposed to the external network through DDNS, and consequently obtain the IP addresses and ports o...

How severe is CVE-2024-28077?

CVE-2024-28077 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-28077?

Check the references section above for vendor advisories and patch information. Affected products include: Gl-Inet Mt6000 Firmware, Gl-Inet Mt6000, Gl-Inet X3000 Firmware, Gl-Inet X3000, Gl-Inet Xe3000 Firmware.