CVE-2024-28077

{"id": "CVE-2024-28077", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2024-08-26T20:15:07.733", "references": [{"url": "https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Denial%20of%20service.md", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://gl-inet.com", "tags": ["Product"], "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "A denial-of-service issue was discovered on certain GL-iNet devices. Some websites can detect devices exposed to the external network through DDNS, and consequently obtain the IP addresses and ports of devices that are exposed. By using special usernames and special characters (such as half parentheses or square brackets), one can call the login interface and cause the session-management program to crash, resulting in customers being unable to log into their devices. This affects MT6000 4.5.6, XE3000 4.4.5, X3000 4.4.6, MT3000 4.5.0, MT2500 4.5.0, AXT1800 4.5.0, AX1800 4.5.0, A1300 4.5.0, S200 4.1.4-0300, X750 4.3.7, SFT1200 4.3.7, MT1300 4.3.10, AR750 4.3.10, AR750S 4.3.10, AR300M 4.3.10, AR300M16 4.3.10, B1300 4.3.10, MT300N-V2 4.3.10, and XE300 4.3.16."}, {"lang": "es", "value": "Se descubri\u00f3 un problema de denegaci\u00f3n de servicio en ciertos dispositivos GL-iNet. Algunos sitios web pueden detectar dispositivos expuestos a la red externa a trav\u00e9s de DDNS y, en consecuencia, obtener las direcciones IP y los puertos de los dispositivos que est\u00e1n expuestos. Al utilizar nombres de usuario especiales y caracteres especiales (como medio par\u00e9ntesis o corchetes), se puede llamar a la interfaz de inicio de sesi\u00f3n y provocar que el programa de administraci\u00f3n de sesiones falle, lo que provocar\u00e1 que los clientes no puedan iniciar sesi\u00f3n en sus dispositivos. Esto afecta a MT6000 4.5.6, XE3000 4.4.5, X3000 4.4.6, MT3000 4.5.0, MT2500 4.5.0, AXT1800 4.5.0, AX1800 4.5.0, A1300 4.5.0, S200 4.1.4-0300, X750 4.3.7, SFT1200 4.3.7, MT1300 4.3.10, AR750 4.3.10, AR750S 4.3.10, AR300M 4.3.10, AR300M16 4.3.10, B1300 4.3.10, MT300N-V2 4.3.10 y XE300 4 .3. 16."}], "lastModified": "2025-03-14T14:15:14.653", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:gl-inet:mt6000_firmware:4.5.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5C1C6413-DB3D-4B14-9246-38AA5103615D"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:gl-inet:mt6000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "CCDE99A6-DA15-4E4B-8C60-CCB9D580BD82"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:gl-inet:x3000_firmware:4.4.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "861A5EB1-2DFF-479C-9202-590DB6E796C9"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:gl-inet:x3000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9479FFAA-9C87-4530-884D-B96055A3D41C"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:gl-inet:xe3000_firmware:4.4.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FB3DD919-EC2B-44CF-AEBD-4EA5A0D52552"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:gl-inet:xe3000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "265EDD5D-B879-4E8A-A6DE-400BC6273A41"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:gl-inet:a1300_firmware:4.5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CD782342-ED71-4BD6-97EB-330F14991957"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:gl-inet:a1300:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D6DBF472-E98E-4E00-B6A0-6D8FA1678AEA"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:gl-inet:ax1800_firmware:4.5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5AE60C1C-957D-472A-BB66-21DA80B97099"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:gl-inet:ax1800:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "BCB312FD-370C-4DF9-961F-F0C4920AA368"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:gl-inet:axt1800_firmware:4.5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AED7B3A1-7DEB-4DB0-AA6E-7D27434BD2CD"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:gl-inet:axt1800:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "FF453954-BC32-4577-8CE4-066812193495"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:gl-inet:mt2500_firmware:4.5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9C4B6800-8A1B-4522-B5E0-9CC4C09DBA2A"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:gl-inet:mt2500:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3ADF5BF3-0F52-4947-8BC2-3505EDEEDF28"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:gl-inet:mt3000_firmware:4.5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "79D3F6BA-60D2-495A-8C74-7E74D3DB25A7"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:gl-inet:mt3000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "AFF2DBFD-2AE0-41BC-B614-9836098119F4"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:gl-inet:xe300_firmware:4.3.16:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "96241919-0E87-4966-B94F-58DA4DFDA607"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:gl-inet:xe300:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "57D82B62-F057-42A4-8530-86145AE91AC2"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:gl-inet:x750_firmware:4.3.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0CB74B0F-E141-403A-B480-5B48B9040D4E"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:gl-inet:x750:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3D1EDFF0-F67C-4801-815C-309940BD7338"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:gl-inet:sft1200_firmware:4.3.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9AE590D9-C0AB-4E3E-8E03-DBF12445AA0B"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:gl-inet:sft1200:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E656351D-E06E-435F-B1E5-34B89FD8B54B"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:gl-inet:ar300m_firmware:4.3.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E53CE790-1466-4BB0-933B-33B531C0DD55"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:gl-inet:ar300m:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F040AC86-5D7A-4E57-B272-A425DDDE1698"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:gl-inet:ar300m16_firmware:4.3.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "83E73FCD-31F7-4BE9-8D16-FB4FDAC685BF"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:gl-inet:ar300m16:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "FA3E349B-C40F-4DE6-B977-CF677B2F9814"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:gl-inet:ar750_firmware:4.3.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "993B06A2-2BB4-4EBC-904E-802001D9DFEC"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:gl-inet:ar750:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "749A6936-392E-430C-ABD3-33D4C5B3D178"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:gl-inet:ar750s_firmware:4.3.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AD8F61AA-DE3B-44DC-AE73-7D8E807F918E"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:gl-inet:ar750s:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F18E5F1D-55CD-4F6A-A349-90DD27B29955"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:gl-inet:b1300_firmware:4.3.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5C1EDB92-F871-4F92-B5CB-9DE24A908D8C"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:gl-inet:b1300:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A47EFE3F-D217-469E-BEE6-5D78037C71C3"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:gl-inet:mt1300_firmware:4.3.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CE0558E6-FAC8-4569-9AA4-C96823E591C8"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:gl-inet:mt1300:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5CECA41F-E807-4234-8C41-477DE132210E"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:gl-inet:mt300n-v2_firmware:4.3.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F5BB0698-5585-4511-88EA-7C265EF22F10"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:gl-inet:mt300n-v2:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "797DD304-0AF8-4E2C-8F72-ADF31B8AD6F4"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}