CVE-2024-39229
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
06/08/2024
Last modified:
15/08/2024
Description
An issue in GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, XE3000/X3000 v4, and B2200/MV1000/MV1000W/USB150/N300/SF1200 v3.216 allows attackers to intercept communications via a man-in-the-middle attack when DDNS clients are reporting data to the server.
Impact
Base Score 3.x
5.30
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:gl-inet:mt6000_firmware:4.5.8:*:*:*:*:*:*:* | ||
| cpe:2.3:h:gl-inet:mt6000:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:gl-inet:a1300_firmware:4.5.16:*:*:*:*:*:*:* | ||
| cpe:2.3:h:gl-inet:a1300:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:gl-inet:x300b_firmware:4.5.16:*:*:*:*:*:*:* | ||
| cpe:2.3:h:gl-inet:x300b:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:gl-inet:ax1800_firmware:4.5.16:*:*:*:*:*:*:* | ||
| cpe:2.3:h:gl-inet:ax1800:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:gl-inet:axt1800_firmware:4.5.16:*:*:*:*:*:*:* | ||
| cpe:2.3:h:gl-inet:axt1800:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:gl-inet:mt2500_firmware:4.5.16:*:*:*:*:*:*:* | ||
| cpe:2.3:h:gl-inet:mt2500:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:gl-inet:mt3000_firmware:4.5.16:*:*:*:*:*:*:* | ||
| cpe:2.3:h:gl-inet:mt3000:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:gl-inet:x3000_firmware:4.4.8:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page