CVE-2024-39229

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Aug 6, 2024
Updated: Aug 15, 2024

Summary

CVE-2024-39229 is a newly disclosed vulnerability affecting various GL-iNet products, including AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, XE3000/X3000 v4, and B2200/MV1000/MV1000W/USB150/N300/SF1200 v3.216. This issue enables man-in-the-middle attacks, allowing attackers to intercept communications when Dynamic DNS (DDNS) clients transmit data to the server. The specifics of the vulnerability have not been made public, but users are recommended to update their devices as soon as patches become available.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share