{ "id": "CVE-2024-28077", "sourceIdentifier": "cve@mitre.org", "published": "2024-08-26T20:15:07.733", "lastModified": "2025-03-14T14:15:14.653", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A denial-of-service issue was discovered on certain GL-iNet devices. Some websites can detect devices exposed to the external network through DDNS, and consequently obtain the IP addresses and ports of devices that are exposed. By using special usernames and special characters (such as half parentheses or square brackets), one can call the login interface and cause the session-management program to crash, resulting in customers being unable to log into their devices. This affects MT6000 4.5.6, XE3000 4.4.5, X3000 4.4.6, MT3000 4.5.0, MT2500 4.5.0, AXT1800 4.5.0, AX1800 4.5.0, A1300 4.5.0, S200 4.1.4-0300, X750 4.3.7, SFT1200 4.3.7, MT1300 4.3.10, AR750 4.3.10, AR750S 4.3.10, AR300M 4.3.10, AR300M16 4.3.10, B1300 4.3.10, MT300N-V2 4.3.10, and XE300 4.3.16." }, { "lang": "es", "value": "Se descubri\u00f3 un problema de denegaci\u00f3n de servicio en ciertos dispositivos GL-iNet. Algunos sitios web pueden detectar dispositivos expuestos a la red externa a trav\u00e9s de DDNS y, en consecuencia, obtener las direcciones IP y los puertos de los dispositivos que est\u00e1n expuestos. Al utilizar nombres de usuario especiales y caracteres especiales (como medio par\u00e9ntesis o corchetes), se puede llamar a la interfaz de inicio de sesi\u00f3n y provocar que el programa de administraci\u00f3n de sesiones falle, lo que provocar\u00e1 que los clientes no puedan iniciar sesi\u00f3n en sus dispositivos. Esto afecta a MT6000 4.5.6, XE3000 4.4.5, X3000 4.4.6, MT3000 4.5.0, MT2500 4.5.0, AXT1800 4.5.0, AX1800 4.5.0, A1300 4.5.0, S200 4.1.4-0300, X750 4.3.7, SFT1200 4.3.7, MT1300 4.3.10, AR750 4.3.10, AR750S 4.3.10, AR300M 4.3.10, AR300M16 4.3.10, B1300 4.3.10, MT300N-V2 4.3.10 y XE300 4 .3. 16." } ], "metrics": { "cvssMetricV31": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH" }, "exploitabilityScore": 3.9, "impactScore": 3.6 }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH" }, "exploitabilityScore": 3.9, "impactScore": 3.6 } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ] } ], "configurations": [ { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:gl-inet:mt6000_firmware:4.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "5C1C6413-DB3D-4B14-9246-38AA5103615D" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:gl-inet:mt6000:-:*:*:*:*:*:*:*", "matchCriteriaId": "CCDE99A6-DA15-4E4B-8C60-CCB9D580BD82" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:gl-inet:x3000_firmware:4.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "861A5EB1-2DFF-479C-9202-590DB6E796C9" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:gl-inet:x3000:-:*:*:*:*:*:*:*", "matchCriteriaId": "9479FFAA-9C87-4530-884D-B96055A3D41C" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:gl-inet:xe3000_firmware:4.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "FB3DD919-EC2B-44CF-AEBD-4EA5A0D52552" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:gl-inet:xe3000:-:*:*:*:*:*:*:*", "matchCriteriaId": "265EDD5D-B879-4E8A-A6DE-400BC6273A41" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:gl-inet:a1300_firmware:4.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "CD782342-ED71-4BD6-97EB-330F14991957" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:gl-inet:a1300:-:*:*:*:*:*:*:*", "matchCriteriaId": "D6DBF472-E98E-4E00-B6A0-6D8FA1678AEA" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:gl-inet:ax1800_firmware:4.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "5AE60C1C-957D-472A-BB66-21DA80B97099" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:gl-inet:ax1800:-:*:*:*:*:*:*:*", "matchCriteriaId": "BCB312FD-370C-4DF9-961F-F0C4920AA368" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:gl-inet:axt1800_firmware:4.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "AED7B3A1-7DEB-4DB0-AA6E-7D27434BD2CD" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:gl-inet:axt1800:-:*:*:*:*:*:*:*", "matchCriteriaId": "FF453954-BC32-4577-8CE4-066812193495" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:gl-inet:mt2500_firmware:4.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "9C4B6800-8A1B-4522-B5E0-9CC4C09DBA2A" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:gl-inet:mt2500:-:*:*:*:*:*:*:*", "matchCriteriaId": "3ADF5BF3-0F52-4947-8BC2-3505EDEEDF28" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:gl-inet:mt3000_firmware:4.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "79D3F6BA-60D2-495A-8C74-7E74D3DB25A7" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:gl-inet:mt3000:-:*:*:*:*:*:*:*", "matchCriteriaId": "AFF2DBFD-2AE0-41BC-B614-9836098119F4" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:gl-inet:xe300_firmware:4.3.16:*:*:*:*:*:*:*", "matchCriteriaId": "96241919-0E87-4966-B94F-58DA4DFDA607" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:gl-inet:xe300:-:*:*:*:*:*:*:*", "matchCriteriaId": "57D82B62-F057-42A4-8530-86145AE91AC2" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:gl-inet:x750_firmware:4.3.7:*:*:*:*:*:*:*", "matchCriteriaId": "0CB74B0F-E141-403A-B480-5B48B9040D4E" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:gl-inet:x750:-:*:*:*:*:*:*:*", "matchCriteriaId": "3D1EDFF0-F67C-4801-815C-309940BD7338" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:gl-inet:sft1200_firmware:4.3.7:*:*:*:*:*:*:*", "matchCriteriaId": "9AE590D9-C0AB-4E3E-8E03-DBF12445AA0B" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:gl-inet:sft1200:-:*:*:*:*:*:*:*", "matchCriteriaId": "E656351D-E06E-435F-B1E5-34B89FD8B54B" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:gl-inet:ar300m_firmware:4.3.10:*:*:*:*:*:*:*", "matchCriteriaId": "E53CE790-1466-4BB0-933B-33B531C0DD55" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:gl-inet:ar300m:-:*:*:*:*:*:*:*", "matchCriteriaId": "F040AC86-5D7A-4E57-B272-A425DDDE1698" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:gl-inet:ar300m16_firmware:4.3.10:*:*:*:*:*:*:*", "matchCriteriaId": "83E73FCD-31F7-4BE9-8D16-FB4FDAC685BF" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:gl-inet:ar300m16:-:*:*:*:*:*:*:*", "matchCriteriaId": "FA3E349B-C40F-4DE6-B977-CF677B2F9814" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:gl-inet:ar750_firmware:4.3.10:*:*:*:*:*:*:*", "matchCriteriaId": "993B06A2-2BB4-4EBC-904E-802001D9DFEC" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:gl-inet:ar750:-:*:*:*:*:*:*:*", "matchCriteriaId": "749A6936-392E-430C-ABD3-33D4C5B3D178" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:gl-inet:ar750s_firmware:4.3.10:*:*:*:*:*:*:*", "matchCriteriaId": "AD8F61AA-DE3B-44DC-AE73-7D8E807F918E" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:gl-inet:ar750s:-:*:*:*:*:*:*:*", "matchCriteriaId": "F18E5F1D-55CD-4F6A-A349-90DD27B29955" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:gl-inet:b1300_firmware:4.3.10:*:*:*:*:*:*:*", "matchCriteriaId": "5C1EDB92-F871-4F92-B5CB-9DE24A908D8C" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:gl-inet:b1300:-:*:*:*:*:*:*:*", "matchCriteriaId": "A47EFE3F-D217-469E-BEE6-5D78037C71C3" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:gl-inet:mt1300_firmware:4.3.10:*:*:*:*:*:*:*", "matchCriteriaId": "CE0558E6-FAC8-4569-9AA4-C96823E591C8" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:gl-inet:mt1300:-:*:*:*:*:*:*:*", "matchCriteriaId": "5CECA41F-E807-4234-8C41-477DE132210E" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:gl-inet:mt300n-v2_firmware:4.3.10:*:*:*:*:*:*:*", "matchCriteriaId": "F5BB0698-5585-4511-88EA-7C265EF22F10" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:gl-inet:mt300n-v2:-:*:*:*:*:*:*:*", "matchCriteriaId": "797DD304-0AF8-4E2C-8F72-ADF31B8AD6F4" } ] } ] } ], "references": [ { "url": "https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Denial%20of%20service.md", "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ] }, { "url": "https://gl-inet.com", "source": "cve@mitre.org", "tags": [ "Product" ] } ] }