BDU:2024-04298

BDU

HighConfirmedExploit available

Уязвимость панели администратора микропрограммного обеспечения маршрутизаторов GL.iNet связана с использованием ненадёжного пути поиска в п…

CVSS

8.2

High

EPSS

0.00

Published

2024-01-01

Updated

2024-01-01

Description

Уязвимость панели администратора микропрограммного обеспечения маршрутизаторов GL.iNet связана с использованием ненадёжного пути поиска в процессе экспорта журналов. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, получить несанкционированный доступ к защищаемой информации и загружать произвольные файлы

Tags · CWE

Pre-auth

Affected products

Gl tech (hk) ltd. Gl-a1300Gl tech (hk) ltd. Gl-ar300mGl tech (hk) ltd. Gl-ar300m16Gl tech (hk) ltd. Gl-ar750Gl tech (hk) ltd. Gl-ar750sGl tech (hk) ltd. Gl-ax1800Gl tech (hk) ltd. Gl-axt1800Gl tech (hk) ltd. Gl-b1300Gl tech (hk) ltd. Gl-b2200Gl tech (hk) ltd. Gl-mt1300Gl tech (hk) ltd. Gl-mt2500Gl tech (hk) ltd. Gl-mt3000Gl tech (hk) ltd. Gl-mt300n-v2Gl tech (hk) ltd. Gl-mt6000Gl tech (hk) ltd. Gl-mv1000Gl tech (hk) ltd. Gl-s1300Gl tech (hk) ltd. Gl-s200Gl tech (hk) ltd. Gl-sf1200Gl tech (hk) ltd. Gl-sft1200Gl tech (hk) ltd. Gl-x1200

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L

Timeline

2024-01-01

Published

2024-01-01

Updated

CVSS 3.1 breakdown

Attack Vector

AV: N

Network (N)

Attack Complexity

AC: L

Low (L)

Privileges Required

PR: N

None (N)

User Interaction

UI: N

None (N)

Scope

S: U

Unchanged (U)

Confidentiality Impact

C: H

High (H)

Integrity Impact

I: N

None (N)

Availability Impact

A: L

Low (L)

Exploit indicators

EPSS

0.000 · p0

Known exploited (KEV)

Known exploits — Сканер-ВС

51942

exploitdb · https://www.exploit-db.com/exploits/51942

Enterprise

Affected products

Gl Tech (hk)

Gl-mt3000 Gl-ax1800 Gl-a1300 Gl-ar300m Gl-ar750s Gl-axt1800 Gl-b1300 Gl-mt1300 Gl-mt2500 Gl-mt300n-v2+16

Product	Vendor	Status
gl-a1300	gl tech (hk) ltd.	Tracked
gl-ar300m	gl tech (hk) ltd.	Tracked
gl-ar300m16	gl tech (hk) ltd.	Tracked
gl-ar750	gl tech (hk) ltd.	Tracked
gl-ar750s	gl tech (hk) ltd.	Tracked
gl-ax1800	gl tech (hk) ltd.	Tracked
gl-axt1800	gl tech (hk) ltd.	Tracked
gl-b1300	gl tech (hk) ltd.	Tracked
gl-b2200	gl tech (hk) ltd.	Tracked
gl-mt1300	gl tech (hk) ltd.	Tracked
gl-mt2500	gl tech (hk) ltd.	Tracked
gl-mt3000	gl tech (hk) ltd.	Tracked
gl-mt300n-v2	gl tech (hk) ltd.	Tracked
gl-mt6000	gl tech (hk) ltd.	Tracked
gl-mv1000	gl tech (hk) ltd.	Tracked
gl-s1300	gl tech (hk) ltd.	Tracked
gl-s200	gl tech (hk) ltd.	Tracked
gl-sf1200	gl tech (hk) ltd.	Tracked
gl-sft1200	gl tech (hk) ltd.	Tracked
gl-x1200	gl tech (hk) ltd.	Tracked

Showing first 20 of 26

Source databases

BDU

Related vulnerabilities

CVE-2024-27356

External references

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-27356@https://www.exploit-db.com/exploits/51942@https://www.exploit-db.com/exploits/51942@https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Download_file_vulnerability.md@https://packetstormsecurity.com/files/177886/GL-iNet-MT6000-4.5.5-Arbitrary-File-Download.html@https://www.gl-inet.com/security-updates/security-advisories-vulnerabilities-and-cves-apr-29-2024/