Description

GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain a vulnerability can be exploited to manipulate routers by passing malicious shell commands through the s2s API.

INFO

Published Date :

2024-08-06T00:00:00.000Z

Last Modified :

2024-11-12T17:08:43.264Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2024-39226 vulnerability.

Vendors Products
Gl-inet
  • A1300
  • A1300 Firmware
  • Ap1300
  • Ap1300 Firmware
  • Ar300m
  • Ar300m16
  • Ar300m16 Firmware
  • Ar300m Firmware
  • Ar750
  • Ar750 Firmware
  • Ar750s
  • Ar750s Firmware
  • Ax1800
  • Ax1800 Firmware
  • Axt1800
  • Axt1800 Firmware
  • B1300
  • B1300 Firmware
  • B2200
  • B2200 Firmware
  • E750
  • E750 Firmware
  • Mt1300
  • Mt1300 Firmware
  • Mt2500
  • Mt2500 Firmware
  • Mt3000
  • Mt3000 Firmware
  • Mt300n-v2
  • Mt300n-v2 Firmware
  • Mt6000
  • Mt6000 Firmware
  • Mv1000
  • Mv1000 Firmware
  • Mv1000w
  • Mv1000w Firmware
  • N300
  • N300 Firmware
  • S1300
  • S1300 Firmware
  • Sf1200
  • Sf1200 Firmware
  • Sft1200
  • Sft1200 Firmware
  • Usb150
  • Usb150 Firmware
  • X3000
  • X3000 Firmware
  • X300b
  • X300b Firmware
  • X750
  • X750 Firmware
  • Xe300
  • Xe3000
  • Xe3000 Firmware
  • Xe300 Firmware
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-39226.

URL Resource
https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/s2s%20interface%20shell%20injection.md cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact