CVE-2024-27356 Information
Feb 29, 2024
cve
Description
An issue was discovered on certain GL-iNet devices. Attackers can download files such as logs via commands potentially obtaining critical user information. This affects MT6000 4.5.5 XE3000 4.4.4 X3000 4.4.5 MT3000 4.5.0 MT2500 4.5.0 AXT1800 4.5.0 AX1800 4.5.0 A1300 4.5.0 S200 4.1.4-0300 X750 4.3.7 SFT1200 4.3.7 XE300 4.3.7 MT1300 4.3.10 AR750 4.3.10 AR750S 4.3.10 AR300M 4.3.10 AR300M16 4.3.10 B1300 4.3.10 MT300N-v2 4.3.10 X300B 3.217 S1300 3.216 SF1200 3.216 MV1000 3.216 N300 3.216 B2200 3.216 and X1200 3.203.
Reference
https://gl-inet.com https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Download_file_vulnerability.md
Share on: