CVE-2024-39226
Published: 06 August 2024
Summary
CVE-2024-39226 is a critical-severity Path Traversal (CWE-22) vulnerability in Gl-Inet Mt6000 Firmware. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Network Device CLI (T1059.008); ranked in the top 5.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
Deeper analysis
CVE-2024-39226 affects multiple GL-iNet router models running firmware versions including AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4. The flaw is a command injection issue (with an associated path traversal component) in the s2s API that permits arbitrary shell command execution.
Unauthenticated remote attackers can supply crafted input to the s2s interface and thereby execute commands on the device. Successful exploitation grants full control over the router, allowing arbitrary code execution with impacts to confidentiality, integrity, and availability.
The single disclosed reference is a GitHub advisory that documents the s2s interface shell injection vector but does not detail patches or workarounds. The EPSS score has remained flat at 0.1364 with no material increase since publication.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-37872
Vulnerability details
GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain a vulnerability can be exploited to manipulate routers by passing malicious shell commands through the s2s API.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Shell injection via s2s API enables remote command execution on network device CLI (T1059.008) and exploitation of remote services (T1210).
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Validates pathnames and filenames to prevent traversal outside intended directories.