|
|
|||
| Rule General Information |
|---|
| Release Date: | 2024-04-23 | |
| Rule Name: | GL-iNet MT6000 4.5.5 Information Disclosure Vulnerability (CVE-2024-27356) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | An issue was discovered on certain GL-iNet devices. Attackers can download files such as logs via commands, potentially obtaining critical user information. This affects MT6000 4.5.5, XE3000 4.4.4, X3000 4.4.5, MT3000 4.5.0, MT2500 4.5.0, AXT1800 4.5.0, AX1800 4.5.0, A1300 4.5.0, S200 4.1.4-0300, X750 4.3.7, SFT1200 4.3.7, XE300 4.3.7, MT1300 4.3.10, AR750 4.3.10, AR750S 4.3.10, AR300M 4.3.10, AR300M16 4.3.10, B1300 4.3.10, MT300N-v2 4.3.10, X300B 3.217, S1300 3.216, SF1200 3.216, MV1000 3.216, N300 3.216, B2200 3.216, and X1200 3.203. | |
| Impact: | An attacker can abtain sensitive information of the target victim, and do malicious actions to gain profits using the information. | |
| Affected OS: | Windows, Linux, Others | |
| Reference: | https://gl-inet.com https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Download_file_vulnerability.md https://cxsecurity.com/cveshow/CVE-2024-27356/ |
|
| Solutions |
|---|
| Please contact the software vendor to update the software patch. |