CVE-2024-27356
GL-iNet MT6000 4.5.5 - Arbitrary File Download
Public Exploits: 1
Exploited in Wild: -
Descriptions
An issue was discovered on certain GL-iNet devices. Attackers can download files such as logs via commands, potentially obtaining critical user information. This affects MT6000 4.5.5, XE3000 4.4.4, X3000 4.4.5, MT3000 4.5.0, MT2500 4.5.0, AXT1800 4.5.0, AX1800 4.5.0, A1300 4.5.0, S200 4.1.4-0300, X750 4.3.7, SFT1200 4.3.7, XE300 4.3.7, MT1300 4.3.10, AR750 4.3.10, AR750S 4.3.10, AR300M 4.3.10, AR300M16 4.3.10, B1300 4.3.10, MT300N-v2 4.3.10, X300B 3.217, S1300 3.216, SF1200 3.216, MV1000 3.216, N300 3.216, B2200 3.216, and X1200 3.203.
GL-iNet MT6000 version 4.5.5 suffers from an arbitrary file download vulnerability.
SSVC
- Decision: Attend
Timeline
- 2024-02-25 CVE Reserved
- 2024-02-27 CVE Published
- 2024-04-02 First Exploit
- 2024-08-07 CVE Updated
- 2025-01-16 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
References (3)
URL | Tag | Source |
---|---|---|
https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Download_file_vulnerability.md | | |
https://gl-inet.com | | |

URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/51942 | 2024-04-02 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Gl-i | X1200 | * | - | Affected |
Gl-inet | 0300 | * | - | Affected |
Gl-inet | A1300 | * | - | Affected |
Gl-inet | Ar3000m16 | * | - | Affected |
Gl-inet | Ar3000m | * | - | Affected |
Gl-inet | Ar750 | * | - | Affected |
Gl-inet | Ar750s | * | - | Affected |
Gl-inet | Ax1800 | * | - | Affected |
Gl-inet | Axt1800 | * | - | Affected |
Gl-inet | B1300 | * | - | Affected |
Gl-inet | B2200 | * | - | Affected |
Gl-inet | Mt1300 | * | - | Affected |
Gl-inet | Mt2500 | * | - | Affected |
Gl-inet | Mt3000 | * | - | Affected |
Gl-inet | Mt300nv2 | * | - | Affected |
Gl-inet | Mv1000 | * | - | Affected |
Gl-inet | N300 | * | - | Affected |
Gl-inet | S1300 | * | - | Affected |
Gl-inet | S200 | * | - | Affected |
Gl-inet | Sf1200 | * | - | Affected |
Gl-inet | Sft1200 | * | - | Affected |
Gl-inet | X3000 | * | - | Affected |
Gl-inet | X300b | * | - | Affected |
Gl-inet | X750 | * | - | Affected |
Gl-inet | Xe3000 | * | - | Affected |
Gl-inet | Xe300 | * | - | Affected |
Gl.inet | Mt6000 | * | - | Affected |