Cyber Resilience

CVE-2024-39227

Critical · Public PoC

Published: 06 August 2024

Modified: 15 August 2024
CVSS Score v3.1: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0109 (78.3th percentile)
Risk Priority: 20 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-39227 is a critical-severity Injection (CWE-74) vulnerability in GL-iNet MT6000 firmware. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 21.7% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

Vulnerability details

GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain insecure permissions in the endpoint /cgi-bin/glc. This vulnerability allows unauthenticated attackers to execute arbitrary code or possibly a directory traversal via crafted JSON data.

Related Threats

MITRE ATT&CK Enterprise Techniques AI

T1190: Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1083: File and Directory Discovery (Discovery)
Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system.

Why these techniques?

Insecure permissions on the public-facing /cgi-bin/glc endpoint enable unauthenticated arbitrary code execution (T1190: Exploit Public-Facing Application) and possible directory traversal for file discovery (T1083: File and Directory Discovery).

Affected Assets

Vendor    Product             Version
gl-inet   mt6000 firmware     4.5.8
gl-inet   a1300 firmware      4.5.16
gl-inet   x300b firmware      4.5.16
gl-inet   ax1800 firmware     4.5.16
gl-inet   axt1800 firmware    4.5.16
gl-inet   mt2500 firmware     4.5.16
gl-inet   mt3000 firmware     4.5.16
gl-inet   x3000 firmware      4.4.8
gl-inet   xe3000 firmware     4.4.8
gl-inet   xe300 firmware      4.3.16
+18 more product configuration(s) — see NVD for full list

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-74

Developer assessments and testing (including injection-focused techniques) identify improper neutralization of special elements, and the verifiable flaw remediation corrects them pre-deployment.

addresses: CWE-74

Identifies indicators of injection attacks (command, SQL, LDAP, etc.) via anomaly and attack monitoring.
