CVE-2024-28077
published 2024-08-26CVE-2024-28077: A denial-of-service issue was discovered on certain GL-iNet devices. Some websites can detect devices exposed to the external network through DDNS, and…
PriorityP339high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
EPSS
0.43%
34.4th percentile
A denial-of-service issue was discovered on certain GL-iNet devices. Some websites can detect devices exposed to the external network through DDNS, and consequently obtain the IP addresses and ports of devices that are exposed. By using special usernames and special characters (such as half parentheses or square brackets), one can call the login interface and cause the session-management program to crash, resulting in customers being unable to log into their devices. This affects MT6000 4.5.6, XE3000 4.4.5, X3000 4.4.6, MT3000 4.5.0, MT2500 4.5.0, AXT1800 4.5.0, AX1800 4.5.0, A1300 4.5.0, S200 4.1.4-0300, X750 4.3.7, SFT1200 4.3.7, MT1300 4.3.10, AR750 4.3.10, AR750S 4.3.10, AR300M 4.3.10, AR300M16 4.3.10, B1300 4.3.10, MT300N-V2 4.3.10, and XE300 4.3.16.
Affected
18 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| gl-inet | a1300_firmware | — | — |
| gl-inet | ar300m16_firmware | — | — |
| gl-inet | ar300m_firmware | — | — |
| gl-inet | ar750_firmware | — | — |
| gl-inet | ar750s_firmware | — | — |
| gl-inet | ax1800_firmware | — | — |
| gl-inet | axt1800_firmware | — | — |
| gl-inet | b1300_firmware | — | — |
| gl-inet | mt1300_firmware | — | — |
| gl-inet | mt2500_firmware | — | — |
| gl-inet | mt3000_firmware | — | — |
| gl-inet | mt300n-v2_firmware | — | — |
| gl-inet | mt6000_firmware | — | — |
| gl-inet | sft1200_firmware | — | — |
| gl-inet | x3000_firmware | — | — |
| gl-inet | x750_firmware | — | — |
| gl-inet | xe3000_firmware | — | — |
| gl-inet | xe300_firmware | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2024-08-26
Published