ГлавнаяУязвимости → CVE-2024-39228
9.8критическая

CVE-2024-39228

Описание

GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain a shell injection vulnerability via the interface check_ovpn_client_config and check_config.

Затрагиваемое ПО
Gl-inet Mt6000 firmwareGl-inet Mt6000Gl-inet A1300 firmwareGl-inet A1300Gl-inet X300b firmwareGl-inet X300bGl-inet Ax1800 firmwareGl-inet Ax1800Gl-inet Axt1800 firmwareGl-inet Axt1800Gl-inet Mt2500 firmwareGl-inet Mt2500Gl-inet Mt3000 firmwareGl-inet Mt3000Gl-inet X3000 firmwareGl-inet X3000Gl-inet Xe3000 firmwareGl-inet Xe3000Gl-inet Xe300 firmwareGl-inet Xe300Gl-inet E750 firmwareGl-inet E750Gl-inet X750 firmwareGl-inet X750Gl-inet Sft1200 firmware
CVSS
Балл9.8 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Источники
https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Ovpn%20interface%20shell%20injection.md