7.5

CVE-2024-27356

EPSS 15.18%
Veröffentlicht 27.02.2024 01:15:07
Zuletzt bearbeitet 18.09.2025 16:27:34
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

An issue was discovered on certain GL-iNet devices. Attackers can download files such as logs via commands, potentially obtaining critical user information. This affects MT6000 4.5.5, XE3000 4.4.4, X3000 4.4.5, MT3000 4.5.0, MT2500 4.5.0, AXT1800 4.5.0, AX1800 4.5.0, A1300 4.5.0, S200 4.1.4-0300, X750 4.3.7, SFT1200 4.3.7, XE300 4.3.7, MT1300 4.3.10, AR750 4.3.10, AR750S 4.3.10, AR300M 4.3.10, AR300M16 4.3.10, B1300 4.3.10, MT300N-v2 4.3.10, X300B 3.217, S1300 3.216, SF1200 3.216, MV1000 3.216, N300 3.216, B2200 3.216, and X1200 3.203.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Gl-inet ≫ Mt6000 Firmware Version4.5.5

Gl-inet ≫ Mt6000 Version-

Gl-inet ≫ Xe3000 Firmware Version4.4.4

Gl-inet ≫ Xe3000 Version-

Gl-inet ≫ X3000 Firmware Version4.4.5

Gl-inet ≫ X3000 Version-

Gl-inet ≫ Mt3000 Firmware Version4.5.0

Gl-inet ≫ Mt3000 Version-

Gl-inet ≫ Mt2500 Firmware Version4.5.0

Gl-inet ≫ Mt2500 Version-

Gl-inet ≫ Axt1800 Firmware Version4.5.0

Gl-inet ≫ Axt1800 Version-

Gl-inet ≫ Ax1800 Firmware Version4.5.0

Gl-inet ≫ Ax1800 Version-

Gl-inet ≫ A1300 Firmware Version4.5.0

Gl-inet ≫ A1300 Version-

Gl-inet ≫ S200 Firmware Version4.1.4-0300

Gl-inet ≫ S200 Version-

Gl-inet ≫ X750 Firmware Version4.3.7

Gl-inet ≫ X750 Version-

Gl-inet ≫ Sft1200 Firmware Version4.37

Gl-inet ≫ Sft1200 Version-

Gl-inet ≫ Xe300 Firmware Version4.3.7

Gl-inet ≫ Xe300 Version-

Gl-inet ≫ Mt1300 Firmware Version4.3.10

Gl-inet ≫ Mt1300 Version-

Gl-inet ≫ Ar750 Firmware Version4.3.10

Gl-inet ≫ Ar750 Version-

Gl-inet ≫ Ar750s Firmware Version4.3.10

Gl-inet ≫ Ar750s Version-

Gl-inet ≫ Ar300m Firmware Version4.3.10

Gl-inet ≫ Ar300m Version-

Gl-inet ≫ Ar300m16 Firmware Version4.3.10

Gl-inet ≫ Ar300m16 Version-

Gl-inet ≫ B1300 Firmware Version4.3.10

Gl-inet ≫ B1300 Version-

Gl-inet ≫ Mt300n-v2 Firmware Version4.3.10

Gl-inet ≫ Mt300n-v2 Version-

Gl-inet ≫ X300b Firmware Version3.217

Gl-inet ≫ X300b Version-

Gl-inet ≫ S1300 Firmware Version3.216

Gl-inet ≫ S1300 Version-

Gl-inet ≫ Sf1200 Firmware Version3.216

Gl-inet ≫ Sf1200 Version-

Gl-inet ≫ Mv1000 Firmware Version3.216

Gl-inet ≫ Mv1000 Version-

Gl-inet ≫ N300 Firmware Version3.216

Gl-inet ≫ N300 Version-

Gl-inet ≫ B2200 Firmware Version3.216

Gl-inet ≫ B2200 Version-

Gl-inet ≫ X1200 Firmware Version3.203

Gl-inet ≫ X1200 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	15.18%	0.944

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Download_file_vulnerability.md

Third Party Advisory

https://gl-inet.com

Product

https://nvd.nist.gov/vuln/detail/CVE-2024-27356

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-27356

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-27356

EUVD