CVE-2024-28077

EPSS 0.17%
Veröffentlicht 26.08.2024 20:15:07
Zuletzt bearbeitet 14.03.2025 14:15:14
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

A denial-of-service issue was discovered on certain GL-iNet devices. Some websites can detect devices exposed to the external network through DDNS, and consequently obtain the IP addresses and ports of devices that are exposed. By using special usernames and special characters (such as half parentheses or square brackets), one can call the login interface and cause the session-management program to crash, resulting in customers being unable to log into their devices. This affects MT6000 4.5.6, XE3000 4.4.5, X3000 4.4.6, MT3000 4.5.0, MT2500 4.5.0, AXT1800 4.5.0, AX1800 4.5.0, A1300 4.5.0, S200 4.1.4-0300, X750 4.3.7, SFT1200 4.3.7, MT1300 4.3.10, AR750 4.3.10, AR750S 4.3.10, AR300M 4.3.10, AR300M16 4.3.10, B1300 4.3.10, MT300N-V2 4.3.10, and XE300 4.3.16.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 0 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Gl-inet ≫ Mt6000 Firmware Version4.5.6

Gl-inet ≫ Mt6000 Version-

Gl-inet ≫ X3000 Firmware Version4.4.6

Gl-inet ≫ X3000 Version-

Gl-inet ≫ Xe3000 Firmware Version4.4.4

Gl-inet ≫ Xe3000 Version-

Gl-inet ≫ A1300 Firmware Version4.5.0

Gl-inet ≫ A1300 Version-

Gl-inet ≫ Ax1800 Firmware Version4.5.0

Gl-inet ≫ Ax1800 Version-

Gl-inet ≫ Axt1800 Firmware Version4.5.0

Gl-inet ≫ Axt1800 Version-

Gl-inet ≫ Mt2500 Firmware Version4.5.0

Gl-inet ≫ Mt2500 Version-

Gl-inet ≫ Mt3000 Firmware Version4.5.0

Gl-inet ≫ Mt3000 Version-

Gl-inet ≫ Xe300 Firmware Version4.3.16

Gl-inet ≫ Xe300 Version-

Gl-inet ≫ X750 Firmware Version4.3.7

Gl-inet ≫ X750 Version-

Gl-inet ≫ Sft1200 Firmware Version4.3.7

Gl-inet ≫ Sft1200 Version-

Gl-inet ≫ Ar300m Firmware Version4.3.10

Gl-inet ≫ Ar300m Version-

Gl-inet ≫ Ar300m16 Firmware Version4.3.10

Gl-inet ≫ Ar300m16 Version-

Gl-inet ≫ Ar750 Firmware Version4.3.10

Gl-inet ≫ Ar750 Version-

Gl-inet ≫ Ar750s Firmware Version4.3.10

Gl-inet ≫ Ar750s Version-

Gl-inet ≫ B1300 Firmware Version4.3.10

Gl-inet ≫ B1300 Version-

Gl-inet ≫ Mt1300 Firmware Version4.3.10

Gl-inet ≫ Mt1300 Version-

Gl-inet ≫ Mt300n-v2 Firmware Version4.3.10

Gl-inet ≫ Mt300n-v2 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.17%	0.381

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://gl-inet.com

Product

https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Denial%20of%20service.md

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-28077

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-28077

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-28077

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-28077