CVE-2024-39229
MEDIUM EPSS 7.6%
Published Aug 6, 2024 (1y ago) · Modified Jun 17, 2026 (1w ago)
5.3 CVSS 3.1
Description
An issue in GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, XE3000/X3000 v4, and B2200/MV1000/MV1000W/USB150/N300/SF1200 v3.216 allows attackers to intercept communications via a man-in-the-middle attack when DDNS clients are reporting data to the server.
CVSS Details
Base Score
Exploitability
Impact
Vector string: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
Attack Vector: Network
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: High
Availability: None
Threat Intelligence
EPSS Exploit Probability
7.6% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available
Weaknesses 1
CWE-924
Affected Products 56
| Vendor | Product | Version | Range |
|---|---|---|---|
| gl-inet | mt6000_firmware | 4.5.8 | any |
| gl-inet | mt6000 | * | any |
| gl-inet | a1300_firmware | 4.5.16 | any |
| gl-inet | a1300 | * | any |
| gl-inet | x300b_firmware | 4.5.16 | any |
| gl-inet | x300b | * | any |
| gl-inet | ax1800_firmware | 4.5.16 | any |
| gl-inet | ax1800 | * | any |
| gl-inet | axt1800_firmware | 4.5.16 | any |
| gl-inet | axt1800 | * | any |
| gl-inet | mt2500_firmware | 4.5.16 | any |
| gl-inet | mt2500 | * | any |
| gl-inet | mt3000_firmware | 4.5.16 | any |
| gl-inet | mt3000 | * | any |
| gl-inet | x3000_firmware | 4.4.8 | any |
| gl-inet | x3000 | * | any |
| gl-inet | xe3000_firmware | 4.4.8 | any |
| gl-inet | xe3000 | * | any |
| gl-inet | xe300_firmware | 4.3.16 | any |
| gl-inet | xe300 | * | any |
| gl-inet | e750_firmware | 4.3.12 | any |
| gl-inet | e750 | * | any |
| gl-inet | x750_firmware | 4.3.11 | any |
| gl-inet | x750 | * | any |
| gl-inet | sft1200_firmware | 4.3.11 | any |
| gl-inet | sft1200 | * | any |
| gl-inet | ar300m_firmware | 4.3.11 | any |
| gl-inet | ar300m | * | any |
| gl-inet | ar300m16_firmware | 4.3.11 | any |
| gl-inet | ar300m16 | * | any |
| gl-inet | ar750_firmware | 4.3.11 | any |
| gl-inet | ar750 | * | any |
| gl-inet | ar750s_firmware | 4.3.11 | any |
| gl-inet | ar750s | * | any |
| gl-inet | b1300_firmware | 4.3.11 | any |
| gl-inet | b1300 | * | any |
| gl-inet | mt1300_firmware | 4.3.11 | any |
| gl-inet | mt1300 | * | any |
| gl-inet | mt300n-v2_firmware | 4.3.11 | any |
| gl-inet | mt300n-v2 | * | any |
| gl-inet | ap1300_firmware | 3.217 | any |
| gl-inet | ap1300 | * | any |
| gl-inet | b2200_firmware | 3.216 | any |
| gl-inet | b2200 | * | any |
| gl-inet | mv1000_firmware | 3.216 | any |
| gl-inet | mv1000 | * | any |
| gl-inet | mv1000w_firmware | 3.216 | any |
| gl-inet | mv1000w | * | any |
| gl-inet | usb150_firmware | 3.216 | any |
| gl-inet | usb150 | * | any |
| gl-inet | sf1200_firmware | 3.216 | any |
| gl-inet | sf1200 | * | any |
| gl-inet | n300_firmware | 3.216 | any |
| gl-inet | n300 | * | any |
| gl-inet | s1300_firmware | 3.216 | any |
| gl-inet | s1300 | * | any |
References 1
- github.com https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/DDNS%20data%20is%20not%20encrypted.md
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.