Unrated severityNVD Advisory· Published Aug 6, 2024· Updated Nov 12, 2024

CVE-2024-39226

Description

GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain a vulnerability can be exploited to manipulate routers by passing malicious shell commands through the s2s API.

Affected products

GL-iNet/GL-iNet productsdescription
Gl Inet/AR300Mllm-create
Range: = v4.3.11
Gl Inet/AR750llm-fuzzy
Range: = v4.3.11

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/gl-inet/CVE-issues/blob/main/4.0.0/s2s%20interface%20shell%20injection.mdmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.011
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000