CVE-2024-39225
CRITICALCVSS v3
9.8
CRITICAL
EPSS Score
32.5%
exploit probability
CISA KEV
No
known exploited
Exploitation
—
SSVC status
Description
GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain a remote code execution (RCE) vulnerability.
Technical Details
- Published
- 8/6/2024
Frequently Asked Questions
What is CVE-2024-39225?
GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain a remote code execution (RCE) vulnerability.
Is CVE-2024-39225 actively exploited?
Active exploitation of CVE-2024-39225 has not been confirmed. The EPSS score is 32.5%, indicating the estimated probability of exploitation in the next 30 days.
What is the CVSS score for CVE-2024-39225?
CVE-2024-39225 has a CVSS v3 base score of 9.8 (CRITICAL severity).
Is CVE-2024-39225 affecting your environment?
Use isMalicious to check if any of your IPs or domains are associated with this vulnerability's IOCs.