CVE-2024-39227

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Aug 6, 2024
Updated: Aug 15, 2024
CWE ID 75
CWE ID 74

Summary

CVE-2024-39227 affects multiple GL-iNet products, including AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4. The vulnerability resides in the endpoint /cgi-bin/glc, which has insecure permissions. Unauthenticated attackers can exploit this weakness by sending crafted JSON data, potentially gaining the ability to execute arbitrary code or perform a directory traversal. Users are urged to update their devices as soon as possible to mitigate this risk.
