PT-2024-28398 · Gl.Inet · B1300+19

Published

2024-08-06

·

Updated

2024-11-12

·

CVE-2024-39226

CVSS v2.0

10

Critical

Vector AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750, version 4.3.11
GL-iNet products MT3000/MT2500/AXT1800/AX1800/A1300/X300B, version 4.5.16
GL-iNet products XE300, version 4.3.16
GL-iNet products E750, version 4.3.12
GL-iNet products AP1300/S1300, version 4.3.13
GL-iNet products XE3000/X3000, version 4.4
Description

Shell commands passed as input through the s2s API are executed on the router without adequate validation (OS command injection). An attacker who can reach the s2s API can run arbitrary commands and take control of the device, which is why the vector carries full confidentiality, integrity and availability impact.

Recommendations

The advice is the same for every affected version (4.3.11, 4.5.16, 4.3.16, 4.3.12, 4.3.13 and 4.4): until a fixed firmware build is available, disable the s2s API where it is not needed, or restrict access to it to trusted sources only, and do not expose it in production environments. Where it must stay enabled, add compensating controls (network-level access restriction and monitoring for shell metacharacters in API requests) to reduce the chance of malicious command execution.
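As an added illustration of the weakness class described above (OS command injection through an API parameter) and of the kind of input validation the recommendations call for, the following Python is example code written for this page; it is not GL.iNet firmware code. The handler, the `peer` parameter name, the `echo` command and the probe string are all assumed, and the code shows the injectable string-concatenation pattern next to a hardened allow-list plus argv-list version.

```python
"""Added illustration of OS command injection via an API argument.
Hypothetical code: the handler, the 'peer' parameter and the echo command
are assumed for demonstration and are not taken from GL.iNet firmware."""
import re
import subprocess

# Allow-list for a hostname-like parameter: letters, digits, dot, dash and
# underscore, at most 64 characters. Anything else is rejected outright.
_SAFE_PARAM = re.compile(r"^[A-Za-z0-9_.-]{1,64}$")

# Characters a POSIX shell treats specially. Used only for detection and
# logging of injection attempts; the allow-list is the actual control.
_SHELL_META = re.compile(r"""[;&|`$<>(){}\n\\"' ]""")


def build_vulnerable_command(peer: str) -> str:
    """The injectable pattern: the API argument is spliced into a shell
    string that is later handed to /bin/sh -c."""
    return "echo connecting to " + peer


def vulnerable_output(peer: str) -> str:
    """Runs the concatenated string through the shell. A constructed value
    such as 'peer1; echo INJECTED' is parsed as two commands."""
    proc = subprocess.run(build_vulnerable_command(peer), shell=True,
                          capture_output=True, text=True)
    return proc.stdout


def looks_injected(peer: str) -> bool:
    """Detection helper: does the argument contain shell metacharacters?"""
    return _SHELL_META.search(peer) is not None


def accepts(peer: str) -> bool:
    """Allow-list check used by the hardened handler."""
    return _SAFE_PARAM.fullmatch(peer) is not None


def build_hardened_argv(peer: str) -> list:
    """Validate against the allow-list and build an argv list. No shell is
    involved, so the argument can never become a second command."""
    if not accepts(peer):
        raise ValueError("rejected s2s argument: %r" % peer)
    return ["echo", "connecting to", peer]


def hardened_output(peer: str) -> str:
    """Same action as vulnerable_output, but with validation and no shell."""
    proc = subprocess.run(build_hardened_argv(peer), shell=False,
                          capture_output=True, text=True)
    return proc.stdout


if __name__ == "__main__":
    probe = "peer1; echo INJECTED"           # constructed attacker input
    print(repr(vulnerable_output(probe)))    # the second command runs
    print(looks_injected(probe), accepts(probe))
    print(repr(hardened_output("peer1")))
    try:
        hardened_output(probe)
    except ValueError as exc:
        print(exc)
```

The hardened path fails closed: a value that does not match the allow-list never reaches `subprocess`, and because the command is an argv list run with `shell=False`, even a value that slipped past validation would be passed to `echo` as a single argument rather than interpreted by a shell.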

Exploit

Fix

Weakness Enumeration

Path traversal
Command Injection

Related Identifiers

BDU:2025-14629
CVE-2024-39226

Affected Products

A1300
AP1300
AR300M
AR300M16
AR750
AR750S
AXT1800
B1300
E750
MT1300
MT2500
MT3000
MT300N-V2
S1300
SFT1200
X3000
X300B
X750
XE300
XE3000