CVE-2024-39228

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Aug 6, 2024
Updated: Aug 15, 2024
CWE ID 78

Summary

CVE-2024-39228 is a recently identified vulnerability affecting multiple GL-iNet products, including AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4. The vulnerability stems from a shell injection issue in the check_ovpn_client_config and check_config interfaces. Malicious actors could exploit this flaw by sending specially crafted input to the affected devices, potentially gaining unauthorized access and control. Users are urged to update their devices to the latest firmware versions to mitigate this risk.
