CVE-2024-39228
published 2024-08-06CVE-2024-39228: GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16…
PriorityP355critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
0.66%
47.0th percentile
GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain a shell injection vulnerability via the interface check_ovpn_client_config and check_config.
Affected
28 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| gl-inet | a1300_firmware | — | — |
| gl-inet | ap1300_firmware | — | — |
| gl-inet | ar300m16_firmware | — | — |
| gl-inet | ar300m_firmware | — | — |
| gl-inet | ar750_firmware | — | — |
| gl-inet | ar750s_firmware | — | — |
| gl-inet | ax1800_firmware | — | — |
| gl-inet | axt1800_firmware | — | — |
| gl-inet | b1300_firmware | — | — |
| gl-inet | b2200_firmware | — | — |
| gl-inet | e750_firmware | — | — |
| gl-inet | mt1300_firmware | — | — |
| gl-inet | mt2500_firmware | — | — |
| gl-inet | mt3000_firmware | — | — |
| gl-inet | mt300n-v2_firmware | — | — |
| gl-inet | mt6000_firmware | — | — |
| gl-inet | mv1000_firmware | — | — |
| gl-inet | mv1000w_firmware | — | — |
| gl-inet | n300_firmware | — | — |
| gl-inet | s1300_firmware | — | — |
| gl-inet | sf1200_firmware | — | — |
| gl-inet | sft1200_firmware | — | — |
| gl-inet | usb150_firmware | — | — |
| gl-inet | x3000_firmware | — | — |
| gl-inet | x300b_firmware | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2024-08-06
Published