CVE-2024-28077
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A denial-of-service issue was discovered on certain GL-iNet devices. Some websites can detect devices exposed to the external network through DDNS, and consequently obtain the IP addresses and ports of devices that are exposed. By using special usernames and special characters (such as half parentheses or square brackets), one can call the login interface and cause the session-management program to crash, resulting in customers being unable to log into their devices. This affects MT6000 4.5.6, XE3000 4.4.5, X3000 4.4.6, MT3000 4.5.0, MT2500 4.5.0, AXT1800 4.5.0, AX1800 4.5.0, A1300 4.5.0, S200 4.1.4-0300, X750 4.3.7, SFT1200 4.3.7, MT1300 4.3.10, AR750 4.3.10, AR750S 4.3.10, AR300M 4.3.10, AR300M16 4.3.10, B1300 4.3.10, MT300N-V2 4.3.10, and XE300 4.3.16.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2024-03-03 CVE Reserved
- 2024-08-26 CVE Published
- 2024-09-06 EPSS Updated
- 2024-10-30 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| https://gl-inet.com | ||
| https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Denial%20of%20service.md |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Gl-inet Search vendor "Gl-inet" | A1300 Firmware Search vendor "Gl-inet" for product "A1300 Firmware" | * | - |
Affected
| ||||||
| Gl-inet Search vendor "Gl-inet" | Ar300m16 Firmware Search vendor "Gl-inet" for product "Ar300m16 Firmware" | * | - |
Affected
| ||||||
| Gl-inet Search vendor "Gl-inet" | Ar300m Firmware Search vendor "Gl-inet" for product "Ar300m Firmware" | * | - |
Affected
| ||||||
| Gl-inet Search vendor "Gl-inet" | Ar750 Firmware Search vendor "Gl-inet" for product "Ar750 Firmware" | * | - |
Affected
| ||||||
| Gl-inet Search vendor "Gl-inet" | Ar750s Firmware Search vendor "Gl-inet" for product "Ar750s Firmware" | * | - |
Affected
| ||||||
| Gl-inet Search vendor "Gl-inet" | Ax1800 Firmware Search vendor "Gl-inet" for product "Ax1800 Firmware" | * | - |
Affected
| ||||||
| Gl-inet Search vendor "Gl-inet" | Axt1800 Firmware Search vendor "Gl-inet" for product "Axt1800 Firmware" | * | - |
Affected
| ||||||
| Gl-inet Search vendor "Gl-inet" | B1300 Firmware Search vendor "Gl-inet" for product "B1300 Firmware" | * | - |
Affected
| ||||||
| Gl-inet Search vendor "Gl-inet" | Mt1300 Firmware Search vendor "Gl-inet" for product "Mt1300 Firmware" | * | - |
Affected
| ||||||
| Gl-inet Search vendor "Gl-inet" | Mt2500 Firmware Search vendor "Gl-inet" for product "Mt2500 Firmware" | * | - |
Affected
| ||||||
| Gl-inet Search vendor "Gl-inet" | Mt3000 Firmware Search vendor "Gl-inet" for product "Mt3000 Firmware" | * | - |
Affected
| ||||||
| Gl-inet Search vendor "Gl-inet" | Mt300n-v2 Firmware Search vendor "Gl-inet" for product "Mt300n-v2 Firmware" | * | - |
Affected
| ||||||
| Gl-inet Search vendor "Gl-inet" | Mt6000 Firmware Search vendor "Gl-inet" for product "Mt6000 Firmware" | * | - |
Affected
| ||||||
| Gl-inet Search vendor "Gl-inet" | Sft1200 Firmware Search vendor "Gl-inet" for product "Sft1200 Firmware" | * | - |
Affected
| ||||||
| Gl-inet Search vendor "Gl-inet" | X3000 Firmware Search vendor "Gl-inet" for product "X3000 Firmware" | * | - |
Affected
| ||||||
| Gl-inet Search vendor "Gl-inet" | X750 Firmware Search vendor "Gl-inet" for product "X750 Firmware" | * | - |
Affected
| ||||||
| Gl-inet Search vendor "Gl-inet" | Xe3000 Firmware Search vendor "Gl-inet" for product "Xe3000 Firmware" | * | - |
Affected
| ||||||
| Gl-inet Search vendor "Gl-inet" | Xe300 Firmware Search vendor "Gl-inet" for product "Xe300 Firmware" | * | - |
Affected
| ||||||