CVE-2024-39229Medium
CVE
CVE
National Vulnerability Database
NVD is the U.S. government repository of standards-based vulnerability management data, built on top of the MITRE CVE list. Every record includes CPE applicability statements, CVSS v2 and v3.x base scores, CWE mappings and cross-references to advisories.
Region
US
Updates
15 min
License
Public Domain
Comprehensive catalog of publicly disclosed vulnerabilities with CPE matches, CVSS scoring and reference URLs. De-facto standard for cross-vendor correlation.
https://nvd.nist.gov →Share link
Anyone with the link can open this vulnerability.
An issue in GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X…
CVSS
5.3
Medium
EPSS
0.00
p7
Published
2024-01-01
Updated
2024-01-01
Description
An issue in GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, XE3000/X3000 v4, and B2200/MV1000/MV1000W/USB150/N300/SF1200 v3.216 allows attackers to intercept communications via a man-in-the-middle attack when DDNS clients are reporting data to the server.
Tags · CWE
CWE-924
CWE-924BaseIncomplete
Improper Enforcement of Message Integrity During Transmission in a Communication Channel
The product establishes a communication channel with an endpoint and receives a message from that endpoint, but it does not sufficiently ensure that the message was not modified during transmission.
https://cwe.mitre.org/data/definitions/924.html →Open in CWE collection →Affected products
A1300_firmwareAp1300_firmwareAr300m16_firmwareAr300m_firmwareAr750_firmwareAr750s_firmwareAx1800_firmwareAxt1800_firmwareB1300_firmwareB2200_firmwareE750_firmwareMt1300_firmwareMt2500_firmwareMt3000_firmwareMt300n-v2_firmwareMt6000_firmwareMv1000_firmwareMv1000w_firmwareN300_firmwareS1300_firmware
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
Timeline
2024-01-01
Published
2024-01-01
Updated
CVSS 3.1 breakdown
Attack Vector
AV: N
Network (N)
Attack Complexity
AC: H
High (H)
Privileges Required
PR: L
Low (L)
User Interaction
UI: N
None (N)
Scope
S: U
Unchanged (U)
Confidentiality Impact
C: N
None (N)
Integrity Impact
I: H
High (H)
Availability Impact
A: N
None (N)
Exploit indicators
EPSS
0.002 · p7
Known exploited (KEV)
No
Known exploits — Сканер-ВС
No Сканер-ВС checks registered for this vulnerability yet.
Affected products
| Product | Vendor | Status |
|---|---|---|
| a1300_firmware | * | Tracked |
| ap1300_firmware | * | Tracked |
| ar300m16_firmware | * | Tracked |
| ar300m_firmware | * | Tracked |
| ar750_firmware | * | Tracked |
| ar750s_firmware | * | Tracked |
| ax1800_firmware | * | Tracked |
| axt1800_firmware | * | Tracked |
| b1300_firmware | * | Tracked |
| b2200_firmware | * | Tracked |
| e750_firmware | * | Tracked |
| mt1300_firmware | * | Tracked |
| mt2500_firmware | * | Tracked |
| mt3000_firmware | * | Tracked |
| mt300n-v2_firmware | * | Tracked |
| mt6000_firmware | * | Tracked |
| mv1000_firmware | * | Tracked |
| mv1000w_firmware | * | Tracked |
| n300_firmware | * | Tracked |
| s1300_firmware | * | Tracked |
Showing first 20 of 28
Source databases
CVE
CVE
National Vulnerability Database
NVD is the U.S. government repository of standards-based vulnerability management data, built on top of the MITRE CVE list. Every record includes CPE applicability statements, CVSS v2 and v3.x base scores, CWE mappings and cross-references to advisories.
Region
US
Updates
15 min
License
Public Domain
Comprehensive catalog of publicly disclosed vulnerabilities with CPE matches, CVSS scoring and reference URLs. De-facto standard for cross-vendor correlation.
https://nvd.nist.gov →