CVE-2024-39228

Name of the Vulnerable Software and Affected Versions GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 version 4.3.11 GL-iNet products MT3000/MT2500/AXT1800/AX1800/A1300/X300B version 4.5.16 GL-iNet products XE300 version 4.3.16 GL-iNet products E750 version 4.3.12 GL-iNet products AP1300/S1300 version 4.3.13 GL-iNet products XE3000/X3000 version 4.4

Description A shell injection issue was discovered in the interface via check ovpn client config and check config.

Recommendations For version 4.3.11, consider disabling the check ovpn client config and check config interfaces until a patch is available. For version 4.5.16, consider disabling the check ovpn client config and check config interfaces until a patch is available. For version 4.3.16, consider disabling the check ovpn client config and check config interfaces until a patch is available. For version 4.3.12, consider disabling the check ovpn client config and check config interfaces until a patch is available. For version 4.3.13, consider disabling the check ovpn client config and check config interfaces until a patch is available. For version 4.4, consider disabling the check ovpn client config and check config interfaces until a patch is available.