Vulnerability Description
GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain insecure permissions in the endpoint /cgi-bin/glc. This vulnerability allows unauthenticated attackers to execute arbitrary code or possibly a directory traversal via crafted JSON data.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gl-Inet | Mt6000 Firmware | 4.5.8 |
| Gl-Inet | Mt6000 | - |
| Gl-Inet | A1300 Firmware | 4.5.16 |
| Gl-Inet | A1300 | - |
| Gl-Inet | X300B Firmware | 4.5.16 |
| Gl-Inet | X300B | - |
| Gl-Inet | Ax1800 Firmware | 4.5.16 |
| Gl-Inet | Ax1800 | - |
| Gl-Inet | Axt1800 Firmware | 4.5.16 |
| Gl-Inet | Axt1800 | - |
| Gl-Inet | Mt2500 Firmware | 4.5.16 |
| Gl-Inet | Mt2500 | - |
| Gl-Inet | Mt3000 Firmware | 4.5.16 |
| Gl-Inet | Mt3000 | - |
| Gl-Inet | X3000 Firmware | 4.4.8 |
| Gl-Inet | X3000 | - |
| Gl-Inet | Xe3000 Firmware | 4.4.8 |
| Gl-Inet | Xe3000 | - |
| Gl-Inet | Xe300 Firmware | 4.3.16 |
| Gl-Inet | Xe300 | - |
Related Weaknesses (CWE)
References
- https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Access%20to%20the%20C%20liExploitThird Party Advisory
FAQ
What is CVE-2024-39227?
CVE-2024-39227 is a vulnerability with a CVSS score of 9.8 (CRITICAL). GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE30...
How severe is CVE-2024-39227?
CVE-2024-39227 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2024-39227?
Check the references section above for vendor advisories and patch information. Affected products include: Gl-Inet Mt6000 Firmware, Gl-Inet Mt6000, Gl-Inet A1300 Firmware, Gl-Inet A1300, Gl-Inet X300B Firmware.