CVE-2024-28077

A denial-of-service issue was discovered on certain GL-iNet devices. Some websites can detect devices exposed to the external network through DDNS, and consequently obtain the IP addresses and ports of devices that are exposed. By using special usernames and special characters (such as half parentheses or square brackets), one can call the login interface and cause the session-management program to crash, resulting in customers being unable to log into their devices. This affects MT6000 4.5.6, XE3000 4.4.5, X3000 4.4.6, MT3000 4.5.0, MT2500 4.5.0, AXT1800 4.5.0, AX1800 4.5.0, A1300 4.5.0, S200 4.1.4-0300, X750 4.3.7, SFT1200 4.3.7, MT1300 4.3.10, AR750 4.3.10, AR750S 4.3.10, AR300M 4.3.10, AR300M16 4.3.10, B1300 4.3.10, MT300N-V2 4.3.10, and XE300 4.3.16.
Configurations

Configuration 1

AND
cpe:2.3:o:gl-inet:mt6000_firmware:4.5.6:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:mt6000:-:*:*:*:*:*:*:*

Configuration 2

AND
cpe:2.3:o:gl-inet:x3000_firmware:4.4.6:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:x3000:-:*:*:*:*:*:*:*

Configuration 3

AND
cpe:2.3:o:gl-inet:xe3000_firmware:4.4.4:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:xe3000:-:*:*:*:*:*:*:*

Configuration 4

AND
cpe:2.3:o:gl-inet:a1300_firmware:4.5.0:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:a1300:-:*:*:*:*:*:*:*

Configuration 5

AND
cpe:2.3:o:gl-inet:ax1800_firmware:4.5.0:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:ax1800:-:*:*:*:*:*:*:*

Configuration 6

AND
cpe:2.3:o:gl-inet:axt1800_firmware:4.5.0:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:axt1800:-:*:*:*:*:*:*:*

Configuration 7

AND
cpe:2.3:o:gl-inet:mt2500_firmware:4.5.0:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:mt2500:-:*:*:*:*:*:*:*

Configuration 8

AND
cpe:2.3:o:gl-inet:mt3000_firmware:4.5.0:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:mt3000:-:*:*:*:*:*:*:*

Configuration 9

AND
cpe:2.3:o:gl-inet:xe300_firmware:4.3.16:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:xe300:-:*:*:*:*:*:*:*

Configuration 10

AND
cpe:2.3:o:gl-inet:x750_firmware:4.3.7:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:x750:-:*:*:*:*:*:*:*

Configuration 11

AND
cpe:2.3:o:gl-inet:sft1200_firmware:4.3.7:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:sft1200:-:*:*:*:*:*:*:*

Configuration 12

AND
cpe:2.3:o:gl-inet:ar300m_firmware:4.3.10:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:ar300m:-:*:*:*:*:*:*:*

Configuration 13

AND
cpe:2.3:o:gl-inet:ar300m16_firmware:4.3.10:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:ar300m16:-:*:*:*:*:*:*:*

Configuration 14

AND
cpe:2.3:o:gl-inet:ar750_firmware:4.3.10:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:ar750:-:*:*:*:*:*:*:*

Configuration 15

AND
cpe:2.3:o:gl-inet:ar750s_firmware:4.3.10:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:ar750s:-:*:*:*:*:*:*:*

Configuration 16

AND
cpe:2.3:o:gl-inet:b1300_firmware:4.3.10:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:b1300:-:*:*:*:*:*:*:*

Configuration 17

AND
cpe:2.3:o:gl-inet:mt1300_firmware:4.3.10:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:mt1300:-:*:*:*:*:*:*:*

Configuration 18

AND
cpe:2.3:o:gl-inet:mt300n-v2_firmware:4.3.10:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:mt300n-v2:-:*:*:*:*:*:*:*

History

05 Sep 2024, 18:29

Type : First Time
Values Added :

  • Gl-inet sft1200 Firmware
  • Gl-inet b1300
  • Gl-inet mt3000 Firmware
  • Gl-inet x750 Firmware
  • Gl-inet xe300 Firmware
  • Gl-inet mt300n-v2 Firmware
  • Gl-inet mt2500 Firmware
  • Gl-inet mt1300
  • Gl-inet mt6000 Firmware
  • Gl-inet mt1300 Firmware
  • Gl-inet mt6000
  • Gl-inet axt1800 Firmware
  • Gl-inet b1300 Firmware
  • Gl-inet ar750s Firmware
  • Gl-inet ax1800
  • Gl-inet a1300 Firmware
  • Gl-inet ar300m16 Firmware
  • Gl-inet xe3000 Firmware
  • Gl-inet xe300
  • Gl-inet mt2500
  • Gl-inet ar300m
  • Gl-inet
  • Gl-inet a1300
  • Gl-inet mt300n-v2
  • Gl-inet xe3000
  • Gl-inet ax1800 Firmware
  • Gl-inet x3000 Firmware
  • Gl-inet sft1200
  • Gl-inet axt1800
  • Gl-inet ar750 Firmware
  • Gl-inet ar300m16
  • Gl-inet ar750
  • Gl-inet x750
  • Gl-inet x3000
  • Gl-inet ar750s
  • Gl-inet mt3000
  • Gl-inet ar300m Firmware

Type : CPE
Values Added :

  • cpe:2.3:o:gl-inet:x3000_firmware:4.4.6:*:*:*:*:*:*:*
  • cpe:2.3:o:gl-inet:b1300_firmware:4.3.10:*:*:*:*:*:*:*
  • cpe:2.3:h:gl-inet:mt2500:-:*:*:*:*:*:*:*
  • cpe:2.3:h:gl-inet:xe3000:-:*:*:*:*:*:*:*
  • cpe:2.3:h:gl-inet:x3000:-:*:*:*:*:*:*:*
  • cpe:2.3:h:gl-inet:ar750:-:*:*:*:*:*:*:*
  • cpe:2.3:o:gl-inet:mt300n-v2_firmware:4.3.10:*:*:*:*:*:*:*
  • cpe:2.3:o:gl-inet:mt3000_firmware:4.5.0:*:*:*:*:*:*:*
  • cpe:2.3:o:gl-inet:xe300_firmware:4.3.16:*:*:*:*:*:*:*
  • cpe:2.3:o:gl-inet:mt2500_firmware:4.5.0:*:*:*:*:*:*:*
  • cpe:2.3:o:gl-inet:mt1300_firmware:4.3.10:*:*:*:*:*:*:*
  • cpe:2.3:h:gl-inet:ar300m:-:*:*:*:*:*:*:*
  • cpe:2.3:h:gl-inet:mt6000:-:*:*:*:*:*:*:*
  • cpe:2.3:o:gl-inet:a1300_firmware:4.5.0:*:*:*:*:*:*:*
  • cpe:2.3:h:gl-inet:x750:-:*:*:*:*:*:*:*
  • cpe:2.3:h:gl-inet:ar750s:-:*:*:*:*:*:*:*
  • cpe:2.3:h:gl-inet:ax1800:-:*:*:*:*:*:*:*
  • cpe:2.3:o:gl-inet:x750_firmware:4.3.7:*:*:*:*:*:*:*
  • cpe:2.3:h:gl-inet:a1300:-:*:*:*:*:*:*:*
  • cpe:2.3:h:gl-inet:mt1300:-:*:*:*:*:*:*:*
  • cpe:2.3:o:gl-inet:sft1200_firmware:4.3.7:*:*:*:*:*:*:*
  • cpe:2.3:o:gl-inet:ar750_firmware:4.3.10:*:*:*:*:*:*:*
  • cpe:2.3:h:gl-inet:b1300:-:*:*:*:*:*:*:*
  • cpe:2.3:h:gl-inet:ar300m16:-:*:*:*:*:*:*:*
  • cpe:2.3:o:gl-inet:ar300m_firmware:4.3.10:*:*:*:*:*:*:*
  • cpe:2.3:o:gl-inet:ar300m16_firmware:4.3.10:*:*:*:*:*:*:*
  • cpe:2.3:h:gl-inet:mt3000:-:*:*:*:*:*:*:*
  • cpe:2.3:h:gl-inet:mt300n-v2:-:*:*:*:*:*:*:*
  • cpe:2.3:o:gl-inet:ax1800_firmware:4.5.0:*:*:*:*:*:*:*
  • cpe:2.3:o:gl-inet:xe3000_firmware:4.4.4:*:*:*:*:*:*:*
  • cpe:2.3:h:gl-inet:sft1200:-:*:*:*:*:*:*:*
  • cpe:2.3:h:gl-inet:axt1800:-:*:*:*:*:*:*:*
  • cpe:2.3:h:gl-inet:xe300:-:*:*:*:*:*:*:*
  • cpe:2.3:o:gl-inet:axt1800_firmware:4.5.0:*:*:*:*:*:*:*
  • cpe:2.3:o:gl-inet:ar750s_firmware:4.3.10:*:*:*:*:*:*:*
  • cpe:2.3:o:gl-inet:mt6000_firmware:4.5.6:*:*:*:*:*:*:*

Type : CWE
Values Added : NVD-CWE-noinfo

Type : CVSS
Values Removed : v2 : unknown, v3 : unknown
Values Added : v2 : unknown, v3 : 7.5

Type : References
Values Removed : () https://gl-inet.com -
Values Added : () https://gl-inet.com - Product

Type : References
Values Removed : () https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Denial%20of%20service.md -
Values Added : () https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Denial%20of%20service.md - Third Party Advisory

26 Aug 2024, 20:15

Type : New CVE

Information

Published : 2024-08-26 20:15

Updated : 2025-03-14 14:15


NVD link : CVE-2024-28077

Mitre link : CVE-2024-28077


Products Affected

gl-inet

  • x750_firmware
  • b1300_firmware
  • mt3000
  • mt300n-v2
  • x3000_firmware
  • xe3000_firmware
  • mt2500_firmware
  • b1300
  • ar300m
  • ax1800
  • ar750s_firmware
  • xe300
  • ax1800_firmware
  • mt3000_firmware
  • mt300n-v2_firmware
  • x750
  • ar750_firmware
  • xe3000
  • mt1300
  • ar300m16_firmware
  • mt2500
  • ar300m_firmware
  • ar750
  • ar750s
  • mt6000
  • x3000
  • mt1300_firmware
  • sft1200_firmware
  • xe300_firmware
  • a1300
  • a1300_firmware
  • sft1200
  • mt6000_firmware
  • axt1800_firmware
  • axt1800
  • ar300m16