CVE-2024-39228
CRITICALDescription
GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain a shell injection vulnerability via the interface check_ovpn_client_config and check_config.
Is your site exposed to CVE-2024-39228?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| gl-inet | mt6000_firmware |
| gl-inet | mt6000 |
| gl-inet | a1300_firmware |
| gl-inet | a1300 |
| gl-inet | x300b_firmware |
| gl-inet | x300b |
| gl-inet | ax1800_firmware |
| gl-inet | ax1800 |
| gl-inet | axt1800_firmware |
| gl-inet | axt1800 |
| gl-inet | mt2500_firmware |
| gl-inet | mt2500 |
| gl-inet | mt3000_firmware |
| gl-inet | mt3000 |
| gl-inet | x3000_firmware |
| gl-inet | x3000 |
| gl-inet | xe3000_firmware |
| gl-inet | xe3000 |
| gl-inet | xe300_firmware |
| gl-inet | xe300 |
| gl-inet | e750_firmware |
| gl-inet | e750 |
| gl-inet | x750_firmware |
| gl-inet | x750 |
| gl-inet | sft1200_firmware |
| gl-inet | sft1200 |
| gl-inet | ar300m_firmware |
| gl-inet | ar300m |
| gl-inet | ar300m16_firmware |
| gl-inet | ar300m16 |
| gl-inet | ar750_firmware |
| gl-inet | ar750 |
| gl-inet | ar750s_firmware |
| gl-inet | ar750s |
| gl-inet | b1300_firmware |
| gl-inet | b1300 |
| gl-inet | mt1300_firmware |
| gl-inet | mt1300 |
| gl-inet | mt300n-v2_firmware |
| gl-inet | mt300n-v2 |
| gl-inet | ap1300_firmware |
| gl-inet | ap1300 |
| gl-inet | b2200_firmware |
| gl-inet | b2200 |
| gl-inet | mv1000_firmware |
| gl-inet | mv1000 |
| gl-inet | mv1000w_firmware |
| gl-inet | mv1000w |
| gl-inet | usb150_firmware |
| gl-inet | usb150 |
| gl-inet | sf1200_firmware |
| gl-inet | sf1200 |
| gl-inet | n300_firmware |
| gl-inet | n300 |
| gl-inet | s1300_firmware |
| gl-inet | s1300 |
References
Frequently Asked Questions
What is CVE-2024-39228? +
How severe is CVE-2024-39228? +
What products are affected by CVE-2024-39228? +
How do I check if I'm vulnerable to CVE-2024-39228? +
Related Vulnerabilities
Penetration Testing engineers at Amazon discovered a vulnerability where the camera system failed to properly validate input, allowing specially crafted …
An OS Command Injection vulnerability exists in Aterm. If a malicious third person gains administrator access to the product’s web …
3onedata modbus gateway device model GW1101-1D(RS-485)-TB-P (hardware version V2.2.0) allows authenticated users to execute arbitrary shell commands in the context …
WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02) contains an OS command injection vulnerability in the adm.cgi binary's reboot_time function that …
WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02) contains an OS command injection vulnerability in the makeRequest.cgi binary that allows unauthenticated …
WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02) contains an OS command injection vulnerability in the internet.cgi binary that allows unauthenticated …