CVE-2024-28077

Published Aug 26, 2024
Last updated 2 months ago
CVSS high 7.5
Overview

Description: A denial-of-service issue was discovered on certain GL-iNet devices. Some websites can detect devices exposed to the external network through DDNS, and consequently obtain the IP addresses and ports of devices that are exposed. By using special usernames and special characters (such as half parentheses or square brackets), one can call the login interface and cause the session-management program to crash, resulting in customers being unable to log into their devices. This affects MT6000 4.5.6, XE3000 4.4.5, X3000 4.4.6, MT3000 4.5.0, MT2500 4.5.0, AXT1800 4.5.0, AX1800 4.5.0, A1300 4.5.0, S200 4.1.4-0300, X750 4.3.7, SFT1200 4.3.7, MT1300 4.3.10, AR750 4.3.10, AR750S 4.3.10, AR300M 4.3.10, AR300M16 4.3.10, B1300 4.3.10, MT300N-V2 4.3.10, and XE300 4.3.16.
Source: cve@mitre.org
NVD status: Analyzed
Risk scores

CVSS 3.1

Type: Primary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity: HIGH
Weaknesses

nvd@nist.gov: NVD-CWE-noinfo
Hype score: Not currently trending
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:gl-inet:mt6000_firmware:4.5.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5C1C6413-DB3D-4B14-9246-38AA5103615D"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:gl-inet:mt6000:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "CCDE99A6-DA15-4E4B-8C60-CCB9D580BD82"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:gl-inet:x3000_firmware:4.4.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "861A5EB1-2DFF-479C-9202-590DB6E796C9"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:gl-inet:x3000:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "9479FFAA-9C87-4530-884D-B96055A3D41C"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:gl-inet:xe3000_firmware:4.4.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FB3DD919-EC2B-44CF-AEBD-4EA5A0D52552"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:gl-inet:xe3000:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "265EDD5D-B879-4E8A-A6DE-400BC6273A41"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:gl-inet:a1300_firmware:4.5.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CD782342-ED71-4BD6-97EB-330F14991957"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:gl-inet:a1300:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "D6DBF472-E98E-4E00-B6A0-6D8FA1678AEA"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:gl-inet:ax1800_firmware:4.5.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5AE60C1C-957D-472A-BB66-21DA80B97099"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:gl-inet:ax1800:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "BCB312FD-370C-4DF9-961F-F0C4920AA368"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:gl-inet:axt1800_firmware:4.5.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AED7B3A1-7DEB-4DB0-AA6E-7D27434BD2CD"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:gl-inet:axt1800:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "FF453954-BC32-4577-8CE4-066812193495"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:gl-inet:mt2500_firmware:4.5.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9C4B6800-8A1B-4522-B5E0-9CC4C09DBA2A"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:gl-inet:mt2500:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "3ADF5BF3-0F52-4947-8BC2-3505EDEEDF28"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:gl-inet:mt3000_firmware:4.5.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "79D3F6BA-60D2-495A-8C74-7E74D3DB25A7"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:gl-inet:mt3000:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "AFF2DBFD-2AE0-41BC-B614-9836098119F4"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:gl-inet:xe300_firmware:4.3.16:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "96241919-0E87-4966-B94F-58DA4DFDA607"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:gl-inet:xe300:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "57D82B62-F057-42A4-8530-86145AE91AC2"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:gl-inet:x750_firmware:4.3.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0CB74B0F-E141-403A-B480-5B48B9040D4E"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:gl-inet:x750:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "3D1EDFF0-F67C-4801-815C-309940BD7338"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:gl-inet:sft1200_firmware:4.3.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9AE590D9-C0AB-4E3E-8E03-DBF12445AA0B"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:gl-inet:sft1200:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "E656351D-E06E-435F-B1E5-34B89FD8B54B"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:gl-inet:ar300m_firmware:4.3.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E53CE790-1466-4BB0-933B-33B531C0DD55"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:gl-inet:ar300m:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F040AC86-5D7A-4E57-B272-A425DDDE1698"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:gl-inet:ar300m16_firmware:4.3.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "83E73FCD-31F7-4BE9-8D16-FB4FDAC685BF"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:gl-inet:ar300m16:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "FA3E349B-C40F-4DE6-B977-CF677B2F9814"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:gl-inet:ar750_firmware:4.3.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "993B06A2-2BB4-4EBC-904E-802001D9DFEC"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:gl-inet:ar750:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "749A6936-392E-430C-ABD3-33D4C5B3D178"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:gl-inet:ar750s_firmware:4.3.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AD8F61AA-DE3B-44DC-AE73-7D8E807F918E"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:gl-inet:ar750s:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F18E5F1D-55CD-4F6A-A349-90DD27B29955"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:gl-inet:b1300_firmware:4.3.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5C1EDB92-F871-4F92-B5CB-9DE24A908D8C"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:gl-inet:b1300:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A47EFE3F-D217-469E-BEE6-5D78037C71C3"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:gl-inet:mt1300_firmware:4.3.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CE0558E6-FAC8-4569-9AA4-C96823E591C8"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:gl-inet:mt1300:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "5CECA41F-E807-4234-8C41-477DE132210E"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:gl-inet:mt300n-v2_firmware:4.3.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F5BB0698-5585-4511-88EA-7C265EF22F10"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:gl-inet:mt300n-v2:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "797DD304-0AF8-4E2C-8F72-ADF31B8AD6F4"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]
Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References
