CVE-2024-39225
CRITICALDescription
GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain a remote code execution (RCE) vulnerability.
Is your site exposed to CVE-2024-39225?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| gl-inet | mt6000_firmware |
| gl-inet | mt6000 |
| gl-inet | a1300_firmware |
| gl-inet | a1300 |
| gl-inet | x300b_firmware |
| gl-inet | x300b |
| gl-inet | ax1800_firmware |
| gl-inet | ax1800 |
| gl-inet | axt1800_firmware |
| gl-inet | axt1800 |
| gl-inet | mt2500_firmware |
| gl-inet | mt2500 |
| gl-inet | mt3000_firmware |
| gl-inet | mt3000 |
| gl-inet | x3000_firmware |
| gl-inet | x3000 |
| gl-inet | xe3000_firmware |
| gl-inet | xe3000 |
| gl-inet | xe300_firmware |
| gl-inet | xe300 |
| gl-inet | e750_firmware |
| gl-inet | e750 |
| gl-inet | x750_firmware |
| gl-inet | x750 |
| gl-inet | sft1200_firmware |
| gl-inet | sft1200 |
| gl-inet | ar300m_firmware |
| gl-inet | ar300m |
| gl-inet | ar300m16_firmware |
| gl-inet | ar300m16 |
| gl-inet | ar750_firmware |
| gl-inet | ar750 |
| gl-inet | ar750s_firmware |
| gl-inet | ar750s |
| gl-inet | b1300_firmware |
| gl-inet | b1300 |
| gl-inet | mt1300_firmware |
| gl-inet | mt1300 |
| gl-inet | mt300n-v2_firmware |
| gl-inet | mt300n-v2 |
| gl-inet | ap1300_firmware |
| gl-inet | ap1300 |
| gl-inet | b2200_firmware |
| gl-inet | b2200 |
| gl-inet | mv1000_firmware |
| gl-inet | mv1000 |
| gl-inet | mv1000w_firmware |
| gl-inet | mv1000w |
| gl-inet | usb150_firmware |
| gl-inet | usb150 |
| gl-inet | sf1200_firmware |
| gl-inet | sf1200 |
| gl-inet | n300_firmware |
| gl-inet | n300 |
| gl-inet | s1300_firmware |
| gl-inet | s1300 |
References
Frequently Asked Questions
What is CVE-2024-39225? +
How severe is CVE-2024-39225? +
What products are affected by CVE-2024-39225? +
How do I check if I'm vulnerable to CVE-2024-39225? +
Related Vulnerabilities
Unauthorised access to the call forwarding service system in MeetMe products in versions prior to 2024-09 allows an attacker to …
Authelia is an open-source authentication and authorization server providing two-factor authentication and single sign-on (SSO) for applications via a web …
Lack of Rate Limiting in Sign-up workflow in Perforce Gliffy prior to version 4.14.0-7 on Gliffy online allows attacker to …
Lack of protection against brute force attacks in Valmet DNA visualization in DNA Operate. The possibility to make an arbitrary …
This vulnerability exists in Meon KYC solutions due to missing restrictions on the number of incorrect One-Time Password (OTP) attempts …
Use of fixed learning codes, one code to lock the car and the other code to unlock it, the Key …