CVE-2024-39227

Name of the Vulnerable Software and Affected Versions GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 version 4.3.11 GL-iNet products MT3000/MT2500/AXT1800/AX1800/A1300/X300B version 4.5.16 GL-iNet products XE300 version 4.3.16 GL-iNet products E750 version 4.3.12 GL-iNet products AP1300/S1300 version 4.3.13 GL-iNet products XE3000/X3000 version 4.4

Description The issue concerns insecure permissions in the endpoint "/cgi-bin/glc" that allows unauthenticated attackers to execute arbitrary code or possibly perform a directory traversal via crafted JSON data. Additionally, a shell injection vulnerability was discovered via the interface check ovpn client config.

Recommendations For version 4.3.11, consider disabling access to the /cgi-bin/glc endpoint until a patch is available. For version 4.5.16, restrict the use of the check ovpn client config interface to minimize the risk of exploitation. For version 4.3.16, avoid using the vulnerable endpoint /cgi-bin/glc in production environments. For version 4.3.12, limit access to the check ovpn client config interface to trusted users only. For version 4.3.13, disable the /cgi-bin/glc endpoint as a temporary workaround. For version 4.4, restrict access to the vulnerable interface check ovpn client config to prevent potential attacks.