Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Mv1000_firmware
(Gl\-Inet)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 5 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-08-06 | CVE-2024-39226 | GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain a vulnerability can be exploited to manipulate routers by passing malicious shell commands through the s2s API. | A1300_firmware, Ap1300_firmware, Ar300m16_firmware, Ar300m_firmware, Ar750_firmware, Ar750s_firmware, Ax1800_firmware, Axt1800_firmware, B1300_firmware, B2200_firmware, E750_firmware, Mt1300_firmware, Mt2500_firmware, Mt3000_firmware, Mt300n\-V2_firmware, Mt6000_firmware, Mv1000_firmware, Mv1000w_firmware, N300_firmware, S1300_firmware, Sf1200_firmware, Sft1200_firmware, Usb150_firmware, X3000_firmware, X300b_firmware, X750_firmware, Xe3000_firmware, Xe300_firmware | 9.8 | ||
| 2024-08-06 | CVE-2024-39225 | GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain a remote code execution (RCE) vulnerability. | A1300_firmware, Ap1300_firmware, Ar300m16_firmware, Ar300m_firmware, Ar750_firmware, Ar750s_firmware, Ax1800_firmware, Axt1800_firmware, B1300_firmware, B2200_firmware, E750_firmware, Mt1300_firmware, Mt2500_firmware, Mt3000_firmware, Mt300n\-V2_firmware, Mt6000_firmware, Mv1000_firmware, Mv1000w_firmware, N300_firmware, S1300_firmware, Sf1200_firmware, Sft1200_firmware, Usb150_firmware, X3000_firmware, X300b_firmware, X750_firmware, Xe3000_firmware, Xe300_firmware | 9.8 | ||
| 2024-08-06 | CVE-2024-39228 | GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain a shell injection vulnerability via the interface check_ovpn_client_config and check_config. | A1300_firmware, Ap1300_firmware, Ar300m16_firmware, Ar300m_firmware, Ar750_firmware, Ar750s_firmware, Ax1800_firmware, Axt1800_firmware, B1300_firmware, B2200_firmware, E750_firmware, Mt1300_firmware, Mt2500_firmware, Mt3000_firmware, Mt300n\-V2_firmware, Mt6000_firmware, Mv1000_firmware, Mv1000w_firmware, N300_firmware, S1300_firmware, Sf1200_firmware, Sft1200_firmware, Usb150_firmware, X3000_firmware, X300b_firmware, X750_firmware, Xe3000_firmware, Xe300_firmware | 9.8 | ||
| 2024-08-06 | CVE-2024-39227 | GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain insecure permissions in the endpoint /cgi-bin/glc. This vulnerability allows unauthenticated attackers to execute arbitrary code or possibly a directory traversal via crafted JSON data. | A1300_firmware, Ap1300_firmware, Ar300m16_firmware, Ar300m_firmware, Ar750_firmware, Ar750s_firmware, Ax1800_firmware, Axt1800_firmware, B1300_firmware, B2200_firmware, E750_firmware, Mt1300_firmware, Mt2500_firmware, Mt3000_firmware, Mt300n\-V2_firmware, Mt6000_firmware, Mv1000_firmware, Mv1000w_firmware, N300_firmware, S1300_firmware, Sf1200_firmware, Sft1200_firmware, Usb150_firmware, X3000_firmware, X300b_firmware, X750_firmware, Xe3000_firmware, Xe300_firmware | 9.8 | ||
| 2024-08-06 | CVE-2024-39229 | An issue in GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, XE3000/X3000 v4, and B2200/MV1000/MV1000W/USB150/N300/SF1200 v3.216 allows attackers to intercept communications via a man-in-the-middle attack when DDNS clients are reporting data to the server. | A1300_firmware, Ap1300_firmware, Ar300m16_firmware, Ar300m_firmware, Ar750_firmware, Ar750s_firmware, Ax1800_firmware, Axt1800_firmware, B1300_firmware, B2200_firmware, E750_firmware, Mt1300_firmware, Mt2500_firmware, Mt3000_firmware, Mt300n\-V2_firmware, Mt6000_firmware, Mv1000_firmware, Mv1000w_firmware, N300_firmware, S1300_firmware, Sf1200_firmware, Sft1200_firmware, Usb150_firmware, X3000_firmware, X300b_firmware, X750_firmware, Xe3000_firmware, Xe300_firmware | 5.3 |