ГлавнаяУязвимости → CVE-2024-28077
7.5высокая

CVE-2024-28077

Описание

A denial-of-service issue was discovered on certain GL-iNet devices. Some websites can detect devices exposed to the external network through DDNS, and consequently obtain the IP addresses and ports of devices that are exposed. By using special usernames and special characters (such as half parentheses or square brackets), one can call the login interface and cause the session-management program to crash, resulting in customers being unable to log into their devices. This affects MT6000 4.5.6, XE3000 4.4.5, X3000 4.4.6, MT3000 4.5.0, MT2500 4.5.0, AXT1800 4.5.0, AX1800 4.5.0, A1300 4.5.0, S200 4.1.4-0300, X750 4.3.7, SFT1200 4.3.7, MT1300 4.3.10, AR750 4.3.10, AR750S 4.3.10, AR300M 4.3.10, AR300M16 4.3.10, B1300 4.3.10, MT300N-V2 4.3.10, and XE300 4.3.16.

Затрагиваемое ПО
Gl-inet Mt6000 firmwareGl-inet Mt6000Gl-inet X3000 firmwareGl-inet X3000Gl-inet Xe3000 firmwareGl-inet Xe3000Gl-inet A1300 firmwareGl-inet A1300Gl-inet Ax1800 firmwareGl-inet Ax1800Gl-inet Axt1800 firmwareGl-inet Axt1800Gl-inet Mt2500 firmwareGl-inet Mt2500Gl-inet Mt3000 firmwareGl-inet Mt3000Gl-inet Xe300 firmwareGl-inet Xe300Gl-inet X750 firmwareGl-inet X750Gl-inet Sft1200 firmwareGl-inet Sft1200Gl-inet Ar300m firmwareGl-inet Ar300mGl-inet Ar300m16 firmware
CVSS
Балл7.5 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Источники
https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Denial%20of%20service.mdhttps://gl-inet.com