RouterCVE

CVE-2024-39229

MEDIUM
5.3CVSS v3
CVSS v2
0.09% EPSS (exploit probability)
CWE-924CWE

Description

An issue in GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, XE3000/X3000 v4, and B2200/MV1000/MV1000W/USB150/N300/SF1200 v3.216 allows attackers to intercept communications via a man-in-the-middle attack when DDNS clients are reporting data to the server.

CVSS v3 vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N

Affected routers (2)

VendorModelMatched viaAffected versionsFixed inPatch?
Cradlepoint Cradlepoint E300 No
Cradlepoint Cradlepoint E3000 No

External references