Security Advisories (Vulnerabilities and CVEs) August 1 2024
Dear all,
In this post, you will find a list of vulnerabilities and CVEs we've recently found on particular GL.iNet router models. Note that this does not include CVEs from OpenWrt.
Please check the firmware versions affected by the vulnerabilities and CVEs. If you're affected, you are strongly advised to upgrade your router to the firmware version containing the fixes as soon as possible.
| Model Number | Affected Firmware Version | Resolved Firmware Version |
|---|---|---|
| GL-MT6000 Flint 2 | V4.5.8 and earlier | V4.6.2 |
| GL-A1300 Slate Plus | V4.5.16 and earlier | V4.5.17 |
| GL-X300B Collie | | |
| GL-AX1800 Flint | V4.5.16 and earlier | V4.6.2 |
| GL-AXT1800 Slate AX | | |
| GL-MT2500 Brume 2 | | |
| GL-MT3000 Beryl AX | | |
| GL-X3000 Spitz AX | V4.4.8 and earlier | V4.4.9 |
| GL-XE3000 Puli AX | | |
| GL-XE300 Puli | V4.3.16 and earlier | V4.3.17 |
| GL-E750/GL-E750V2 Mudi | V4.3.12 and earlier | V4.3.17 |
| GL-X750 Spitz | V4.3.11 and earlier | V4.3.17 |
| GL-SFT1200 Opal | | |
| GL-AR300M Shadow | | |
| GL-AR300M16 Shadow | | |
| GL-AR750 Creta | | |
| GL-AR750S-EXT Slate | | |
| GL-B1300 Convexa-B | | |
| GL-MT1300 Beryl | | |
| GL-MT300N-V2 Mango | | |
| GL-AP1300 Cirrus | V3.217 and earlier | V3.218 |
| GL-B2200 Velica | V3.216 and earlier | V3.218 |
| GL-MV1000 Brume | | |
| GL-MV1000W Brume-W | | |
| GL-USB150 Microuter | | |
| GL-SF1200 | | |
| microuter-N300 | | |
| GL-S1300 Convexa-S | | |
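A small check script that compares a device's firmware string against the rows of the table above. This is an added example, not GL.iNet's own tooling; it only encodes the rows that state explicit versions (blank rows in the table are left out rather than guessed), and it compares versions numerically, because a plain string comparison would rank V4.5.16 below V4.5.8.

```python
"""Check a GL.iNet firmware version string against the advisory table.

Added example (not GL.iNet code). Only the table rows that state explicit
versions are included; rows left blank in the advisory are not guessed.
"""
import re

# (affected "... and earlier" bound, resolved version), copied from the table.
ADVISORY = {
    "GL-MT6000": ("V4.5.8", "V4.6.2"),
    "GL-A1300": ("V4.5.16", "V4.5.17"),
    "GL-AX1800": ("V4.5.16", "V4.6.2"),
    "GL-X3000": ("V4.4.8", "V4.4.9"),
    "GL-XE300": ("V4.3.16", "V4.3.17"),
    "GL-E750": ("V4.3.12", "V4.3.17"),
    "GL-E750V2": ("V4.3.12", "V4.3.17"),
    "GL-X750": ("V4.3.11", "V4.3.17"),
    "GL-AP1300": ("V3.217", "V3.218"),
    "GL-B2200": ("V3.216", "V3.218"),
}


def parse_version(text):
    """Turn 'V4.5.16', '4.5.16-release1', etc. into a tuple of ints.

    Tuples compare element by element, so (4, 5, 16) > (4, 5, 8); the string
    form would get this wrong because '1' sorts before '8'.
    """
    m = re.match(r"^[vV]?(\d+(?:\.\d+)*)", text.strip())
    if not m:
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def is_affected(model, version):
    """True if version is at or below the 'and earlier' bound for the model.

    Returns None when the advisory table gives no explicit row for the model.
    """
    row = ADVISORY.get(model.upper())
    if row is None:
        return None
    return parse_version(version) <= parse_version(row[0])


def report(model, version):
    """Human-readable verdict, returned as a string so callers can act on it."""
    verdict = is_affected(model, version)
    if verdict is None:
        return f"{model}: no explicit version row in this advisory; check the table"
    fixed = ADVISORY[model.upper()][1]
    if verdict:
        return f"{model} {version}: AFFECTED, upgrade to {fixed} or later"
    return f"{model} {version}: not in the affected range (fix is {fixed})"


if __name__ == "__main__":
    for m, v in [("GL-MT6000", "V4.5.8"), ("GL-MT6000", "V4.5.16"), ("GL-AP1300", "3.217")]:
        print(report(m, v))
```

The model key is the hardware code (the part of the table cell before the marketing name); the firmware string can be read from the router's admin panel and passed in as-is.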
CVE-2024-39225
- Summary: Unauthenticated remote code execution using SID brute force
- Credit to: Bandar Alharbi https://github.com/aggressor0
CVE-2024-39226
- Summary: Missing input validation leads to arbitrary code execution
- Credit to: Patrick Walker
CVE-2024-39227
- Summary: Missing authorization checks/access controls and directory traversal leads to potential arbitrary code execution
- Credit to: Patrick Walker
CVE-2024-39228
- Summary: Authenticated remote code execution via the ovpn API
- Credit to: Manfred Heinz
CVE-2024-39229
- Summary: Attackers can modify the IP address bound to a device's DDNS record using its MAC address and serial number (SN)
CVE-2024-3661
- Summary: TunnelVision vulnerability via DHCP option 121
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3661
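Option 121 carries classless static routes (RFC 3442), and TunnelVision relies on a DHCP server pushing routes that are more specific than the ones the VPN client installed, so those destinations leave through the physical interface instead of the tunnel. The check below decodes the option and reports which destinations would be pulled out of the tunnel. It is an added example, not GL.iNet code or part of the CVE record: the option payload is constructed, and the VPN route set assumes a full-tunnel OpenVPN client that installs 0.0.0.0/1 and 128.0.0.0/1 (the usual "redirect-gateway def1" layout).

```python
"""Decode DHCP option 121 (RFC 3442 classless static routes) and flag routes
that would steer traffic away from a VPN tunnel, the TunnelVision pattern
(CVE-2024-3661). Added example, not GL.iNet code; the option payload and the
VPN route set below are constructed for illustration."""
import ipaddress


def parse_option121(payload: bytes):
    """Return a list of (destination network, next-hop) pairs from an option 121 body.

    Wire format per RFC 3442: one byte prefix width, then only the significant
    octets of the destination (ceil(width / 8) of them), then a 4-byte router.
    """
    routes = []
    i = 0
    while i < len(payload):
        width = payload[i]
        i += 1
        if width > 32:
            raise ValueError(f"invalid prefix width {width}")
        n = (width + 7) // 8
        if i + n + 4 > len(payload):
            raise ValueError("truncated option 121 payload")
        dest = payload[i:i + n] + b"\x00" * (4 - n)   # pad the omitted low octets
        router = ipaddress.IPv4Address(payload[i + n:i + n + 4])
        i += n + 4
        # strict=False tolerates host bits set by a sloppy or hostile sender
        routes.append((ipaddress.IPv4Network((dest, width), strict=False), router))
    return routes


def routes_that_shadow_vpn(dhcp_routes, vpn_prefixes, destinations):
    """For each destination, report the DHCP-pushed route that beats or ties the
    VPN's covering route. A longer prefix wins outright under longest-prefix
    matching; an equal prefix is decided by metric and interface order, so it
    is reported too. Destinations the VPN does not cover are ignored."""
    findings = []
    for dst_text in destinations:
        dst = ipaddress.IPv4Address(dst_text)
        vpn_len = max((p.prefixlen for p in vpn_prefixes if dst in p), default=None)
        if vpn_len is None:
            continue
        best = None
        for net, gw in dhcp_routes:
            if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, gw)
        if best is not None and best[0].prefixlen >= vpn_len:
            findings.append((dst_text, str(best[0]), str(best[1])))
    return findings


# Constructed sample: the two /1 routes a full-tunnel OpenVPN client installs
# with "redirect-gateway def1" (assumed VPN layout, not taken from the advisory).
VPN_PREFIXES = [ipaddress.IPv4Network("0.0.0.0/1"), ipaddress.IPv4Network("128.0.0.0/1")]

# Constructed option 121 body as a hostile DHCP server on 192.168.1.0/24 might send:
#   0.0.0.0/1  via 192.168.1.1     (ties the VPN's own /1)
#   1.1.1.1/32 via 192.168.1.1     (host route, beats everything)
#   10.0.0.0/8 via 192.168.1.254   (beats the VPN's /1 for 10/8)
SAMPLE_OPTION_121 = (
    b"\x01\x00\xc0\xa8\x01\x01"
    + b"\x20\x01\x01\x01\x01\xc0\xa8\x01\x01"
    + b"\x08\x0a\xc0\xa8\x01\xfe"
)

if __name__ == "__main__":
    routes = parse_option121(SAMPLE_OPTION_121)
    for net, gw in routes:
        print(f"pushed route {net} via {gw}")
    probes = ["1.1.1.1", "10.20.30.40", "100.64.0.1", "203.0.113.5"]
    for dst, net, gw in routes_that_shadow_vpn(routes, VPN_PREFIXES, probes):
        print(f"{dst}: would leave the tunnel via {net} -> {gw}")
```

A VPN client or router can run the same comparison on every DHCP offer it accepts and either drop option 121 routes that shadow the tunnel or alert on them; on the sample above, 203.0.113.5 is the only probe that stays inside the tunnel, because no pushed route covers it.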
This is an announcement rather than a discussion thread. To report security bugs, please email security@gl-inet.com. We follow a 90-day vulnerability disclosure policy.