1. Home
  2. CVE Database
  3. CVE-2024-39229
MEDIUM · 5.3

CVE-2024-39229

An issue in GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3....

Vulnerability Description

An issue in GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, XE3000/X3000 v4, and B2200/MV1000/MV1000W/USB150/N300/SF1200 v3.216 allows attackers to intercept communications via a man-in-the-middle attack when DDNS clients are reporting data to the server.

CVSS Score

5.3

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
NONE
Integrity
HIGH
Availability
NONE

Affected Products

VendorProductVersions
Gl-InetMt6000 Firmware4.5.8
Gl-InetMt6000-
Gl-InetA1300 Firmware4.5.16
Gl-InetA1300-
Gl-InetX300B Firmware4.5.16
Gl-InetX300B-
Gl-InetAx1800 Firmware4.5.16
Gl-InetAx1800-
Gl-InetAxt1800 Firmware4.5.16
Gl-InetAxt1800-
Gl-InetMt2500 Firmware4.5.16
Gl-InetMt2500-
Gl-InetMt3000 Firmware4.5.16
Gl-InetMt3000-
Gl-InetX3000 Firmware4.4.8
Gl-InetX3000-
Gl-InetXe3000 Firmware4.4.8
Gl-InetXe3000-
Gl-InetXe300 Firmware4.3.16
Gl-InetXe300-

Related Weaknesses (CWE)

CWE-924

References

FAQ

What is CVE-2024-39229?

CVE-2024-39229 is a vulnerability with a CVSS score of 5.3 (MEDIUM). An issue in GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3....

How severe is CVE-2024-39229?

CVE-2024-39229 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-39229?

Check the references section above for vendor advisories and patch information. Affected products include: Gl-Inet Mt6000 Firmware, Gl-Inet Mt6000, Gl-Inet A1300 Firmware, Gl-Inet A1300, Gl-Inet X300B Firmware.