CVE-2024-27356
HIGHGL-iNet devices - Info Disclosure
Title source: llmDescription
An issue was discovered on certain GL-iNet devices. Attackers can download files such as logs via commands, potentially obtaining critical user information. This affects MT6000 4.5.5, XE3000 4.4.4, X3000 4.4.5, MT3000 4.5.0, MT2500 4.5.0, AXT1800 4.5.0, AX1800 4.5.0, A1300 4.5.0, S200 4.1.4-0300, X750 4.3.7, SFT1200 4.3.7, XE300 4.3.7, MT1300 4.3.10, AR750 4.3.10, AR750S 4.3.10, AR300M 4.3.10, AR300M16 4.3.10, B1300 4.3.10, MT300N-v2 4.3.10, X300B 3.217, S1300 3.216, SF1200 3.216, MV1000 3.216, N300 3.216, B2200 3.216, and X1200 3.203.
Exploits (1)
exploitdb
WORKING POC
by Bandar Alharbi · pythonremotehardware
https://www.exploit-db.com/exploits/51942
Scores
CVSS v3
7.5
EPSS
0.1929
EPSS Percentile
95.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (26)
gl-inet/a1300_firmware
4.5.0
gl-inet/ar300m16_firmware
4.3.10
gl-inet/ar300m_firmware
4.3.10
gl-inet/ar750_firmware
4.3.10
gl-inet/ar750s_firmware
4.3.10
gl-inet/ax1800_firmware
4.5.0
gl-inet/axt1800_firmware
4.5.0
gl-inet/b1300_firmware
4.3.10
gl-inet/b2200_firmware
3.216
gl-inet/mt1300_firmware
4.3.10
... and 16 more
Published
Feb 27, 2024
Tracked Since
Feb 18, 2026