CVE-2024-27356: An issue was discovered on certain GL-iNet devices. Attackers can download files such as logs via commands, potentially obtaining critical user...
Description
An issue was discovered on certain GL-iNet devices. Attackers can download files such as logs via commands, potentially obtaining critical user information. This affects MT6000 4.5.5, XE3000 4.4.4, X3000 4.4.5, MT3000 4.5.0, MT2500 4.5.0, AXT1800 4.5.0, AX1800 4.5.0, A1300 4.5.0, S200 4.1.4-0300, X750 4.3.7, SFT1200 4.3.7, XE300 4.3.7, MT1300 4.3.10, AR750 4.3.10, AR750S 4.3.10, AR300M 4.3.10, AR300M16 4.3.10, B1300 4.3.10, MT300N-v2 4.3.10, X300B 3.217, S1300 3.216, SF1200 3.216, MV1000 3.216, N300 3.216, B2200 3.216, and X1200 3.203.
Classification
CVE ID: CVE-2024-27356
CVSS Base Severity: HIGH
CVSS Base Score: 7.5
Affected Products
Vendor: n/a
Product: n/a
Exploit Prediction Scoring System (EPSS)
EPSS Score: 1.37% (probability of being exploited)
EPSS Percentile: 78.52% (scored less or equal to compared to others)
EPSS Date: 2025-04-01 (when was this score calculated)
Stakeholder-Specific Vulnerability Categorization (SSVC)
SSVC Exploitation: none
SSVC Technical Impact: partial
SSVC Automatable: true