CVE-2024-39226

CRITICAL

CVSS v3

9.8

CRITICAL

EPSS Score

13.6%

exploit probability

CISA KEV

No

known exploited

Exploitation

SSVC status

Description

GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain a vulnerability can be exploited to manipulate routers by passing malicious shell commands through the s2s API.

Technical Details

Published
8/6/2024

Frequently Asked Questions

What is CVE-2024-39226?

GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain a vulnerability can be exploited to manipulate routers by passing malicious shell commands through the s2s API.

Is CVE-2024-39226 actively exploited?

Active exploitation of CVE-2024-39226 has not been confirmed. The EPSS score is 13.6%, indicating the estimated probability of exploitation in the next 30 days.

What is the CVSS score for CVE-2024-39226?

CVE-2024-39226 has a CVSS v3 base score of 9.8 (CRITICAL severity).

Is CVE-2024-39226 affecting your environment?

Use isMalicious to check if any of your IPs or domains are associated with this vulnerability's IOCs.