CVE-2024-39226: Path Traversal
First published: Tue Aug 06 2024(Updated: )
GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain a vulnerability can be exploited to manipulate routers by passing malicious shell commands through the s2s API.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| GL.iNet MT6000 | ||
| GL-iNet MT6000 firmware | =4.5.8 | |
| All of | ||
| GL-iNet A1300 firmware | ||
| GL.iNet A1300 firmware | =4.5.16 | |
| All of | ||
| GL-iNet X300B firmware | ||
| GL.iNet X300B firmware | =4.5.16 | |
| All of | ||
| GL.iNet GL-AX1800 | ||
| Netgear Nighthawk AX1800 Firmware | =4.5.16 | |
| All of | ||
| GL-iNet AXT1800 firmware | ||
| GL.iNET GL-AXT1800 | =4.5.16 | |
| All of | ||
| GL.iNet MT2500 firmware | ||
| GL.iNet MT2500 firmware | =4.5.16 | |
| All of | ||
| GL.iNet MT3000 Firmware | =4.5.16 | |
| GL.iNet MT3000 Firmware | ||
| All of | ||
| GL.iNet GL-X3000 Firmware | ||
| GL.iNet GL-X3000 Firmware | =4.4.8 | |
| All of | ||
| GL-iNet XE3000 firmware | =4.4.8 | |
| GL-iNet XE3000 firmware | ||
| All of | ||
| GL.iNet XE300 firmware | =4.3.16 | |
| GL-iNet XE300 firmware | ||
| All of | ||
| GL.iNet GL-E750 | =4.3.12 | |
| GL-iNet E750 firmware | ||
| All of | ||
| GL.iNet X750 firmware | =4.3.11 | |
| GL.iNet X750 | ||
| All of | ||
| GL.iNet SFT1200 firmware | =4.3.11 | |
| GL.iNet SFT1200 firmware | ||
| All of | ||
| GL.iNet GL-AR300M | =4.3.11 | |
| GL.iNet GL-AR300M | ||
| All of | ||
| GL.iNet AR300M16 firmware | =4.3.11 | |
| GL.iNet AR300M16 firmware | ||
| All of | ||
| GL.iNet AR750 Firmware | =4.3.11 | |
| GL.iNet AR750 Firmware | ||
| All of | ||
| GL.iNet GL-AR750S Firmware | =4.3.11 | |
| GL.iNet AR750S | ||
| All of | ||
| GL.iNet B1300 firmware | =4.3.11 | |
| GL.iNet B1300 firmware | ||
| All of | ||
| GL.iNet GL-MT1300 Firmware | =4.3.11 | |
| GL.iNet GL-MT1300 Beryl | ||
| All of | ||
| GL.iNet MT300N-V2 firmware | =4.3.11 | |
| GL-iNet MT300N-V2 firmware | ||
| All of | ||
| GL.iNet AP1300 Firmware | =3.217 | |
| GL-iNet AP1300 firmware | ||
| All of | ||
| GL.iNet GL-B2200 Firmware | =3.216 | |
| GL-iNet B2200 firmware | ||
| All of | ||
| GL.iNet MV1000 firmware | =3.216 | |
| GL.iNet MV1000 | ||
| All of | ||
| GL.iNet GL-MV1000W | =3.216 | |
| GL.iNet GL-MV1000W | ||
| All of | ||
| GL.iNet USB150 firmware | =3.216 | |
| GL-iNet USB150 firmware | ||
| All of | ||
| GL.iNet SFT1200 firmware | =3.216 | |
| GL-iNet SF1200 firmware | ||
| All of | ||
| GL.iNet MiRouter-N300 Firmware | =3.216 | |
| GL-iNet N300 firmware | ||
| All of | ||
| GL.iNet GL-S1300 Firmware | =3.216 | |
| GL-iNet S1300 firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-39226?
CVE-2024-39226 is classified as a significant security vulnerability due to its potential to manipulate router functionalities.
How do I fix CVE-2024-39226?
To remediate CVE-2024-39226, update the affected GL-iNet devices to the latest firmware version provided by the manufacturer.
Which GL-iNet products are affected by CVE-2024-39226?
CVE-2024-39226 affects various GL-iNet router models, specifically those running firmware versions 4.3.11, 4.3.12, 4.3.13, 4.3.16, and 4.5.16.
Can CVE-2024-39226 allow an attacker to gain access to my network?
Yes, CVE-2024-39226 can be exploited to manipulate routers, potentially allowing attackers unauthorized access to the network and its resources.
Is CVE-2024-39226 a local or remote vulnerability?
CVE-2024-39226 is considered a remote vulnerability since it can be exploited over the network without requiring physical access to the affected device.
- agent/author
- agent/type
- agent/first-publish-date
- agent/event
- agent/references
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/gl-inet
- canonical/gl.inet mt6000
- canonical/gl-inet mt6000 firmware
- version/gl-inet mt6000 firmware/4.5.8
- canonical/gl-inet a1300 firmware
- canonical/gl.inet a1300 firmware
- version/gl.inet a1300 firmware/4.5.16
- canonical/gl-inet x300b firmware
- canonical/gl.inet x300b firmware
- version/gl.inet x300b firmware/4.5.16
- canonical/gl.inet gl-ax1800
- canonical/netgear nighthawk ax1800 firmware
- version/netgear nighthawk ax1800 firmware/4.5.16
- canonical/gl-inet axt1800 firmware
- canonical/gl.inet gl-axt1800
- version/gl.inet gl-axt1800/4.5.16
- canonical/gl.inet mt2500 firmware
- version/gl.inet mt2500 firmware/4.5.16
- canonical/gl.inet mt3000 firmware
- version/gl.inet mt3000 firmware/4.5.16
- canonical/gl.inet gl-x3000 firmware
- version/gl.inet gl-x3000 firmware/4.4.8
- canonical/gl-inet xe3000 firmware
- version/gl-inet xe3000 firmware/4.4.8
- canonical/gl.inet xe300 firmware
- version/gl.inet xe300 firmware/4.3.16
- canonical/gl-inet xe300 firmware
- canonical/gl.inet gl-e750
- version/gl.inet gl-e750/4.3.12
- canonical/gl-inet e750 firmware
- canonical/gl.inet x750 firmware
- version/gl.inet x750 firmware/4.3.11
- canonical/gl.inet x750
- canonical/gl.inet sft1200 firmware
- version/gl.inet sft1200 firmware/4.3.11
- canonical/gl.inet gl-ar300m
- version/gl.inet gl-ar300m/4.3.11
- canonical/gl.inet ar300m16 firmware
- version/gl.inet ar300m16 firmware/4.3.11
- canonical/gl.inet ar750 firmware
- version/gl.inet ar750 firmware/4.3.11
- canonical/gl.inet gl-ar750s firmware
- version/gl.inet gl-ar750s firmware/4.3.11
- canonical/gl.inet ar750s
- canonical/gl.inet b1300 firmware
- version/gl.inet b1300 firmware/4.3.11
- canonical/gl.inet gl-mt1300 firmware
- version/gl.inet gl-mt1300 firmware/4.3.11
- canonical/gl.inet gl-mt1300 beryl
- canonical/gl.inet mt300n-v2 firmware
- version/gl.inet mt300n-v2 firmware/4.3.11
- canonical/gl-inet mt300n-v2 firmware
- canonical/gl.inet ap1300 firmware
- version/gl.inet ap1300 firmware/3.217
- canonical/gl-inet ap1300 firmware
- canonical/gl.inet gl-b2200 firmware
- version/gl.inet gl-b2200 firmware/3.216
- canonical/gl-inet b2200 firmware
- canonical/gl.inet mv1000 firmware
- version/gl.inet mv1000 firmware/3.216
- canonical/gl.inet mv1000
- canonical/gl.inet gl-mv1000w
- version/gl.inet gl-mv1000w/3.216
- canonical/gl.inet usb150 firmware
- version/gl.inet usb150 firmware/3.216
- canonical/gl-inet usb150 firmware
- version/gl.inet sft1200 firmware/3.216
- canonical/gl-inet sf1200 firmware
- canonical/gl.inet mirouter-n300 firmware
- version/gl.inet mirouter-n300 firmware/3.216
- canonical/gl-inet n300 firmware
- canonical/gl.inet gl-s1300 firmware
- version/gl.inet gl-s1300 firmware/3.216
- canonical/gl-inet s1300 firmware