CVE-2024-39229

An issue in GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, XE3000/X3000 v4, and B2200/MV1000/MV1000W/USB150/N300/SF1200 v3.216 allows attackers to intercept communications via a man-in-the-middle attack when DDNS clients are reporting data to the server.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:gl-inet:mt6000_firmware:4.5.8:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:mt6000:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:gl-inet:a1300_firmware:4.5.16:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:a1300:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:gl-inet:x300b_firmware:4.5.16:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:x300b:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:gl-inet:ax1800_firmware:4.5.16:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:ax1800:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:gl-inet:axt1800_firmware:4.5.16:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:axt1800:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:gl-inet:mt2500_firmware:4.5.16:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:mt2500:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:gl-inet:mt3000_firmware:4.5.16:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:mt3000:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:gl-inet:x3000_firmware:4.4.8:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:x3000:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:gl-inet:xe3000_firmware:4.4.8:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:xe3000:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:gl-inet:xe300_firmware:4.3.16:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:xe300:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:gl-inet:e750_firmware:4.3.12:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:e750:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:gl-inet:x750_firmware:4.3.11:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:x750:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:gl-inet:sft1200_firmware:4.3.11:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:sft1200:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:gl-inet:ar300m_firmware:4.3.11:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:ar300m:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND
cpe:2.3:o:gl-inet:ar300m16_firmware:4.3.11:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:ar300m16:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND
cpe:2.3:o:gl-inet:ar750_firmware:4.3.11:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:ar750:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND
cpe:2.3:o:gl-inet:ar750s_firmware:4.3.11:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:ar750s:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND
cpe:2.3:o:gl-inet:b1300_firmware:4.3.11:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:b1300:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND
cpe:2.3:o:gl-inet:mt1300_firmware:4.3.11:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:mt1300:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND
cpe:2.3:o:gl-inet:mt300n-v2_firmware:4.3.11:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:mt300n-v2:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND
cpe:2.3:o:gl-inet:ap1300_firmware:3.217:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:ap1300:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND
cpe:2.3:o:gl-inet:b2200_firmware:3.216:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:b2200:-:*:*:*:*:*:*:*

Configuration 23 (hide)

AND
cpe:2.3:o:gl-inet:mv1000_firmware:3.216:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:mv1000:-:*:*:*:*:*:*:*

Configuration 24 (hide)

AND
cpe:2.3:o:gl-inet:mv1000w_firmware:3.216:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:mv1000w:-:*:*:*:*:*:*:*

Configuration 25 (hide)

AND
cpe:2.3:o:gl-inet:usb150_firmware:3.216:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:usb150:-:*:*:*:*:*:*:*

Configuration 26 (hide)

AND
cpe:2.3:o:gl-inet:sf1200_firmware:3.216:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:sf1200:-:*:*:*:*:*:*:*

Configuration 27 (hide)

AND
cpe:2.3:o:gl-inet:n300_firmware:3.216:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:n300:-:*:*:*:*:*:*:*

Configuration 28 (hide)

AND
cpe:2.3:o:gl-inet:s1300_firmware:3.216:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:s1300:-:*:*:*:*:*:*:*

History

15 Aug 2024, 16:15

Type Values Removed Values Added
References
  • {'url': 'http://ar750ar750sar300mar300m16mt300n-v2b1300mt1300sft1200x750.com', 'tags': ['Broken Link'], 'source': 'cve@mitre.org'}

12 Aug 2024, 18:48

Type Values Removed Values Added
References () http://ar750ar750sar300mar300m16mt300n-v2b1300mt1300sft1200x750.com - () http://ar750ar750sar300mar300m16mt300n-v2b1300mt1300sft1200x750.com - Broken Link
References () https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/DDNS%20data%20is%20not%20encrypted.md - () https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/DDNS%20data%20is%20not%20encrypted.md - Exploit, Third Party Advisory
CPE cpe:2.3:h:gl-inet:mt2500:-:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:xe300_firmware:4.3.16:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:xe300:-:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:e750_firmware:4.3.12:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:x750_firmware:4.3.11:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:b1300_firmware:4.3.11:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:b2200:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:n300:-:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:ar300m_firmware:4.3.11:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:a1300:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:ar300m:-:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:s1300_firmware:3.216:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:mt6000_firmware:4.5.8:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:ap1300_firmware:3.217:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:ax1800:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:e750:-:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:ax1800_firmware:4.5.16:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:x300b:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:mt300n-v2:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:s1300:-:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:a1300_firmware:4.5.16:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:mv1000_firmware:3.216:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:usb150:-:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:ar750_firmware:4.3.11:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:mv1000w_firmware:3.216:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:mt2500_firmware:4.5.16:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:n300_firmware:3.216:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:b2200_firmware:3.216:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:x3000:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:x750:-:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:usb150_firmware:3.216:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:ar750s:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:sf1200:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:mt6000:-:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:mt3000_firmware:4.5.16:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:ar300m16:-:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:ar750s_firmware:4.3.11:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:xe3000_firmware:4.4.8:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:x300b_firmware:4.5.16:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:mv1000:-:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:ar300m16_firmware:4.3.11:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:mt300n-v2_firmware:4.3.11:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:axt1800:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:mt1300:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:ap1300:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:sft1200:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:mt3000:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:b1300:-:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:mt1300_firmware:4.3.11:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:sf1200_firmware:3.216:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:ar750:-:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:axt1800_firmware:4.5.16:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:sft1200_firmware:4.3.11:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:mv1000w:-:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:x3000_firmware:4.4.8:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:xe3000:-:*:*:*:*:*:*:*
First Time Gl-inet a1300
Gl-inet mt2500
Gl-inet axt1800
Gl-inet xe3000 Firmware
Gl-inet sft1200
Gl-inet ar750 Firmware
Gl-inet x300b
Gl-inet ar750s Firmware
Gl-inet b2200 Firmware
Gl-inet mt3000
Gl-inet mv1000w
Gl-inet ar300m Firmware
Gl-inet a1300 Firmware
Gl-inet ax1800
Gl-inet xe300 Firmware
Gl-inet ar300m16 Firmware
Gl-inet b1300
Gl-inet mt6000
Gl-inet xe300
Gl-inet usb150 Firmware
Gl-inet x750
Gl-inet mv1000w Firmware
Gl-inet b1300 Firmware
Gl-inet ar300m16
Gl-inet x3000 Firmware
Gl-inet n300 Firmware
Gl-inet ap1300 Firmware
Gl-inet s1300 Firmware
Gl-inet ap1300
Gl-inet ar750
Gl-inet ar750s
Gl-inet x750 Firmware
Gl-inet sf1200 Firmware
Gl-inet mt300n-v2
Gl-inet sf1200
Gl-inet mt1300 Firmware
Gl-inet n300
Gl-inet b2200
Gl-inet ar300m
Gl-inet x300b Firmware
Gl-inet mt300n-v2 Firmware
Gl-inet mt6000 Firmware
Gl-inet usb150
Gl-inet mv1000 Firmware
Gl-inet axt1800 Firmware
Gl-inet xe3000
Gl-inet s1300
Gl-inet sft1200 Firmware
Gl-inet mt2500 Firmware
Gl-inet mt1300
Gl-inet mt3000 Firmware
Gl-inet mv1000
Gl-inet e750 Firmware
Gl-inet ax1800 Firmware
Gl-inet
Gl-inet x3000
Gl-inet e750
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.3
CWE NVD-CWE-noinfo

07 Aug 2024, 15:17

Type Values Removed Values Added
Summary
  • (es) Un problema en los productos GL-iNet AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, XE3000/X3000 v4 y B2200/MV1000/MV1000W/USB150/N300/SF1200 v3.216 permiten a los atacantes interceptar comunicaciones a través de un ataque de intermediario cuando los clientes DDNS están reportando datos al servidor.

06 Aug 2024, 17:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-06 17:15

Updated : 2024-08-15 16:15


NVD link : CVE-2024-39229

Mitre link : CVE-2024-39229

CVE.ORG link : CVE-2024-39229


JSON object : View

Products Affected

gl-inet

  • mt6000_firmware
  • ar750s_firmware
  • s1300
  • usb150_firmware
  • sf1200
  • x300b_firmware
  • usb150
  • ap1300
  • mt2500_firmware
  • mv1000_firmware
  • n300_firmware
  • xe300
  • mt300n-v2
  • e750
  • sft1200_firmware
  • ar300m16_firmware
  • mt300n-v2_firmware
  • x300b
  • mv1000w
  • ap1300_firmware
  • mt3000_firmware
  • x750_firmware
  • x750
  • mv1000w_firmware
  • xe3000_firmware
  • x3000
  • axt1800
  • xe300_firmware
  • b2200_firmware
  • ar750_firmware
  • b1300_firmware
  • b1300
  • ar300m16
  • mt3000
  • s1300_firmware
  • mt2500
  • ar300m_firmware
  • a1300_firmware
  • ax1800
  • n300
  • a1300
  • sft1200
  • ar750
  • axt1800_firmware
  • ar300m
  • mt1300
  • b2200
  • ar750s
  • mv1000
  • mt1300_firmware
  • ax1800_firmware
  • xe3000
  • sf1200_firmware
  • e750_firmware
  • mt6000
  • x3000_firmware