CVE-2024-28077

None

Description

A denial-of-service issue was discovered on certain GL-iNet devices. Some websites can detect devices exposed to the external network through DDNS, and consequently obtain the IP addresses and ports of devices that are exposed. By using special usernames and special characters (such as half parentheses or square brackets), one can call the login interface and cause the session-management program to crash, resulting in customers being unable to log into their devices. This affects MT6000 4.5.6, XE3000 4.4.5, X3000 4.4.6, MT3000 4.5.0, MT2500 4.5.0, AXT1800 4.5.0, AX1800 4.5.0, A1300 4.5.0, S200 4.1.4-0300, X750 4.3.7, SFT1200 4.3.7, MT1300 4.3.10, AR750 4.3.10, AR750S 4.3.10, AR300M 4.3.10, AR300M16 4.3.10, B1300 4.3.10, MT300N-V2 4.3.10, and XE300 4.3.16.

INFO

Published Date :

2024-08-26T00:00:00.000Z

Last Modified :

2025-03-14T13:12:01.317Z

Source :

mitre

AFFECTED PRODUCTS

The following products are affected by CVE-2024-28077 vulnerability.

Vendors	Products
Gl-inet	A1300 A1300 Firmware Ar300m Ar300m16 Ar300m16 Firmware Ar300m Firmware Ar750 Ar750 Firmware Ar750s Ar750s Firmware Ax1800 Ax1800 Firmware Axt1800 Axt1800 Firmware B1300 B1300 Firmware Mt1300 Mt1300 Firmware Mt2500 Mt2500 Firmware Mt3000 Mt3000 Firmware Mt300n-v2 Mt300n-v2 Firmware Mt6000 Mt6000 Firmware Sft1200 Sft1200 Firmware X3000 X3000 Firmware X750 X750 Firmware Xe300 Xe3000 Xe3000 Firmware Xe300 Firmware

Vendors

Products

Gl-inet