CVE-2024-39229

Name of the Vulnerable Software and Affected Versions GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 version 4.3.11 GL-iNet products MT3000/MT2500/AXT1800/AX1800/A1300/X300B version 4.5.16 GL-iNet products XE300 version 4.3.16 GL-iNet products E750 version 4.3.12 GL-iNet products AP1300/S1300 version 4.3.13 GL-iNet products XE3000/X3000 version 4 GL-iNet products B2200/MV1000/MV1000W/USB150/N300/SF1200 version 3.216

Description The issue allows attackers to intercept communications via a man-in-the-middle attack when DDNS clients are reporting data to the server.

Recommendations For version 4.3.11 of GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750, consider disabling the DDNS client functionality until a patch is available. For version 4.5.16 of GL-iNet products MT3000/MT2500/AXT1800/AX1800/A1300/X300B, consider disabling the DDNS client functionality until a patch is available. For version 4.3.16 of GL-iNet products XE300, consider disabling the DDNS client functionality until a patch is available. For version 4.3.12 of GL-iNet products E750, consider disabling the DDNS client functionality until a patch is available. For version 4.3.13 of GL-iNet products AP1300/S1300, consider disabling the DDNS client functionality until a patch is available. For version 4 of GL-iNet products XE3000/X3000, consider disabling the DDNS client functionality until a patch is available. For version 3.216 of GL-iNet products B2200/MV1000/MV1000W/USB150/N300/SF1200, consider disabling the DDNS client functionality until a patch is available.