ГлавнаяУязвимости → CVE-2024-27356
7.5высокая

CVE-2024-27356

Описание

An issue was discovered on certain GL-iNet devices. Attackers can download files such as logs via commands, potentially obtaining critical user information. This affects MT6000 4.5.5, XE3000 4.4.4, X3000 4.4.5, MT3000 4.5.0, MT2500 4.5.0, AXT1800 4.5.0, AX1800 4.5.0, A1300 4.5.0, S200 4.1.4-0300, X750 4.3.7, SFT1200 4.3.7, XE300 4.3.7, MT1300 4.3.10, AR750 4.3.10, AR750S 4.3.10, AR300M 4.3.10, AR300M16 4.3.10, B1300 4.3.10, MT300N-v2 4.3.10, X300B 3.217, S1300 3.216, SF1200 3.216, MV1000 3.216, N300 3.216, B2200 3.216, and X1200 3.203.

Затрагиваемое ПО
Gl-inet Mt6000 firmwareGl-inet Mt6000Gl-inet Xe3000 firmwareGl-inet Xe3000Gl-inet X3000 firmwareGl-inet X3000Gl-inet Mt3000 firmwareGl-inet Mt3000Gl-inet Mt2500 firmwareGl-inet Mt2500Gl-inet Axt1800 firmwareGl-inet Axt1800Gl-inet Ax1800 firmwareGl-inet Ax1800Gl-inet A1300 firmwareGl-inet A1300Gl-inet S200 firmwareGl-inet S200Gl-inet X750 firmwareGl-inet X750Gl-inet Sft1200 firmwareGl-inet Sft1200Gl-inet Xe300 firmwareGl-inet Xe300Gl-inet Mt1300 firmware
CVSS
Балл7.5 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Источники
https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Download_file_vulnerability.mdhttps://gl-inet.comhttps://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Download_file_vulnerability.mdhttps://gl-inet.com