CRITICAL🇵🇱 Wersja polska

CVE-2024-39227

CVSS 9.8v3.1pub. 2024-08-06upd. 2024-08-15

GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain insecure permissions in the endpoint /cgi-bin/glc. This vulnerability allows unauthenticated attackers to execute arbitrary code or possibly a directory traversal via crafted JSON data.

🤖 AI Analysis
How it works

The /cgi-bin/glc endpoint has improperly configured permissions that do not require authentication before processing requests. An attacker can send crafted JSON data to this endpoint, which leads to arbitrary code execution or enables path traversal on the device's file system. The vulnerability is classified as CWE-74 (injection) and CWE-75 (failure to sanitize special elements), indicating a lack of proper input validation and sanitization.

Impact

An attacker can remotely execute arbitrary code on the device (RCE) without needing any credentials, and also gain unauthorized access to any files on the system through path traversal, which may lead to full compromise of the router.

Mitigation & patch

Apply patches available from the manufacturer according to references. It is recommended to monitor the manufacturer's repository at https://github.com/gl-inet/CVE-issues and update the firmware to patched versions as soon as possible. Until the update is applied, access to the device's administrative panel should be restricted to trusted networks only or remote access to the management interface should be disabled.

Who is affected

GL-iNet AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 firmware v4.3.11; MT3000/MT2500/AXT1800/AX1800/A1300/X300B firmware v4.5.16; XE300 firmware v4.3.16; E750 firmware v4.3.12; AP1300/S1300 firmware v4.3.13; XE3000/X3000 firmware v4.4

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Gl Inet A1300

    HW
    Gl-Inet
    wszystkie wersje
  • Gl Inet A1300 Firmware

    OS
    Gl-Inet
    4.5.16
  • Gl Inet Ap1300

    HW
    Gl-Inet
    wszystkie wersje
  • Gl Inet Ap1300 Firmware

    OS
    Gl-Inet
    3.217
  • Gl Inet Ar300m

    HW
    Gl-Inet
    wszystkie wersje
  • Gl Inet Ar300m16

    HW
    Gl-Inet
    wszystkie wersje
  • Gl Inet Ar300m16 Firmware

    OS
    Gl-Inet
    4.3.11
  • Gl Inet Ar300m Firmware

    OS
    Gl-Inet
    4.3.11
  • Gl Inet Ar750

    HW
    Gl-Inet
    wszystkie wersje
  • Gl Inet Ar750 Firmware

    OS
    Gl-Inet
    4.3.11
  • Gl Inet Ar750s

    HW
    Gl-Inet
    wszystkie wersje
  • Gl Inet Ar750s Firmware

    OS
    Gl-Inet
    4.3.11
  • Gl Inet Ax1800

    HW
    Gl-Inet
    wszystkie wersje
  • Gl Inet Ax1800 Firmware

    OS
    Gl-Inet
    4.5.16
  • Gl Inet Axt1800

    HW
    Gl-Inet
    wszystkie wersje
  • Gl Inet Axt1800 Firmware

    OS
    Gl-Inet
    4.5.16
  • Gl Inet B1300

    HW
    Gl-Inet
    wszystkie wersje
  • Gl Inet B1300 Firmware

    OS
    Gl-Inet
    4.3.11
  • Gl Inet B2200

    HW
    Gl-Inet
    wszystkie wersje
  • Gl Inet B2200 Firmware

    OS
    Gl-Inet
    3.216
  • Gl Inet E750

    HW
    Gl-Inet
    wszystkie wersje
  • Gl Inet E750 Firmware

    OS
    Gl-Inet
    4.3.12
  • Gl Inet Mt1300

    HW
    Gl-Inet
    wszystkie wersje
  • Gl Inet Mt1300 Firmware

    OS
    Gl-Inet
    4.3.11
  • Gl Inet Mt2500

    HW
    Gl-Inet
    wszystkie wersje
  • Gl Inet Mt2500 Firmware

    OS
    Gl-Inet
    4.5.16
  • Gl Inet Mt3000

    HW
    Gl-Inet
    wszystkie wersje
  • Gl Inet Mt3000 Firmware

    OS
    Gl-Inet
    4.5.16
  • Gl Inet Mt300n V2

    HW
    Gl-Inet
    wszystkie wersje
  • Gl Inet Mt300n V2 Firmware

    OS
    Gl-Inet
    4.3.11
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCEPath TraversalAuth Bypass
CWE
References

Related vulnerabilities

CVE-2026-26793CRITICAL9.8PL ✓ten sam produkt

Command injection w GL-iNet GL-AR300M16 via set_config

CVE-2026-26795CRITICAL9.8PL ✓ten sam produkt

Command injection w GL-iNet GL-AR300M16 via parametr module

CVE-2026-26791CRITICAL9.8PL ✓ten sam produkt

Command injection w GL-iNet GL-AR300M16 — wykonanie dowolnych poleceń

CVE-2026-26792CRITICAL9.8PL ✓ten sam produkt

Command injection w GL-iNet GL-AR300M16 — funkcja set_upgrade

CVE-2024-39225CRITICAL9.8PL ✓ten sam produkt

RCE w firmware GL-iNet — obejście mechanizmu logowania