CVE-2024-27356 in MT6000

Summary

by MITRE • 02/27/2024

An issue was discovered on certain GL-iNet devices. Attackers can download files such as logs via commands, potentially obtaining critical user information. This affects MT6000 4.5.5, XE3000 4.4.4, X3000 4.4.5, MT3000 4.5.0, MT2500 4.5.0, AXT1800 4.5.0, AX1800 4.5.0, A1300 4.5.0, S200 4.1.4-0300, X750 4.3.7, SFT1200 4.3.7, XE300 4.3.7, MT1300 4.3.10, AR750 4.3.10, AR750S 4.3.10, AR300M 4.3.10, AR300M16 4.3.10, B1300 4.3.10, MT300N-v2 4.3.10, X300B 3.217, S1300 3.216, SF1200 3.216, MV1000 3.216, N300 3.216, B2200 3.216, and X1200 3.203.


Analysis

by VulDB Data Team • 06/09/2025

This vulnerability represents a critical information disclosure flaw affecting multiple GL-iNet router models across various product lines. The issue stems from insufficient access controls and improper input validation within the device's web interface, allowing unauthenticated attackers to execute arbitrary commands that can retrieve sensitive system files including logs and configuration data. The vulnerability specifically impacts firmware versions ranging from 3.203 to 4.5.5 across numerous router models, indicating a widespread exposure affecting both older and newer generations of GL-iNet hardware. This type of vulnerability aligns with CWE-200 (Information Exposure) and represents a significant weakness in the device's authentication and authorization mechanisms.

The technical implementation of this flaw involves command injection vulnerabilities within the router's web application interface, where user-supplied parameters are not properly sanitized before being processed by the underlying system. Attackers can exploit this by crafting malicious URLs or API calls that bypass normal access controls and directly invoke system commands. The vulnerability allows for arbitrary file download capabilities, enabling threat actors to access sensitive information such as system logs, user credentials, network configurations, and potentially other confidential data stored on the device. This represents a direct violation of the principle of least privilege and demonstrates inadequate input validation practices within the device's web server implementation.

The operational impact of this vulnerability extends beyond simple information disclosure, as the exposed data could provide attackers with valuable intelligence for further exploitation attempts. System logs often contain sensitive information about network traffic, user activities, and system configurations that could aid in planning more sophisticated attacks. The affected devices include various consumer and enterprise-grade routers, making this vulnerability particularly concerning as it could provide attackers with persistent access points within networks. Network administrators and security professionals must recognize that these devices often serve as gateways to larger network infrastructures, making the exposure of their internal configurations and logs particularly dangerous.

Mitigation strategies should focus on immediate firmware updates from GL-iNet to address the underlying command injection vulnerabilities. Network segmentation and firewall rules should be implemented to restrict access to device management interfaces from untrusted networks. Regular security audits of networked devices should include verification of firmware versions and patch status to prevent exploitation of known vulnerabilities. Organizations should implement monitoring solutions to detect unusual access patterns to device management interfaces and establish incident response procedures for potential exploitation attempts. This vulnerability highlights the importance of secure coding practices and proper input validation as outlined in the OWASP Top Ten and NIST Cybersecurity Framework recommendations for protecting network infrastructure components. The ATT&CK framework categorizes this as a privilege escalation and credential access technique, emphasizing the need for comprehensive network security measures to prevent unauthorized access to critical infrastructure devices.
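One concrete form of the firmware-version verification recommended above is an inventory check against the affected list in the CVE summary. The following is an added example, not part of the VulDB record or any GL-iNet tooling; it assumes (as CVE wording normally implies) that a device is exposed when its firmware is at or below the version named for its model, and the hostnames and firmware strings in the sample inventory are constructed.

```python
# Added example (not part of the VulDB record): audit a GL-iNet inventory
# against the affected list in the CVE summary above. Assumption: a device is
# exposed when its firmware is at or below the version named for its model.
import re

# Affected models and versions exactly as listed in the CVE summary.
AFFECTED_TEXT = (
    "MT6000 4.5.5, XE3000 4.4.4, X3000 4.4.5, MT3000 4.5.0, MT2500 4.5.0, "
    "AXT1800 4.5.0, AX1800 4.5.0, A1300 4.5.0, S200 4.1.4-0300, X750 4.3.7, "
    "SFT1200 4.3.7, XE300 4.3.7, MT1300 4.3.10, AR750 4.3.10, AR750S 4.3.10, "
    "AR300M 4.3.10, AR300M16 4.3.10, B1300 4.3.10, MT300N-v2 4.3.10, "
    "X300B 3.217, S1300 3.216, SF1200 3.216, MV1000 3.216, N300 3.216, "
    "B2200 3.216, X1200 3.203"
)

def parse_affected(text):
    """Return {MODEL: version} from the comma-separated CVE affected list."""
    return {m.upper(): v for m, v in (item.split() for item in text.split(","))}

def version_key(version):
    """'4.1.4-0300' -> (4, 1, 4, 300): numeric fields only, so suffixes compare sanely."""
    return tuple(int(p) for p in re.findall(r"\d+", version))

def assess(model, firmware, affected=None):
    """'affected' if firmware <= listed version (assumed to cover earlier builds),
    'patched' if newer (confirm against vendor release notes), else 'unknown-model'."""
    table = affected if affected is not None else parse_affected(AFFECTED_TEXT)
    listed = table.get(model.upper())
    if listed is None:
        return "unknown-model"
    return "affected" if version_key(firmware) <= version_key(listed) else "patched"

def audit(inventory):
    """Run assess() over (host, model, firmware) rows; return each row with its verdict."""
    table = parse_affected(AFFECTED_TEXT)
    return [(h, m, fw, assess(m, fw, table)) for h, m, fw in inventory]

if __name__ == "__main__":
    # Constructed sample inventory; hostnames and firmware strings are made up.
    sample = [("edge-gw-1", "MT6000", "4.5.5"), ("lab-ap-2", "MT3000", "4.5.1"),
              ("branch-rt", "S200", "4.1.4-0200"), ("guest-ap", "AR300M16", "4.3.10")]
    for row in audit(sample):
        print("%-10s %-9s %-11s %s" % row)
```

Devices reported as "patched" are only newer than the version the CVE names; confirm the fix against GL-iNet's release notes before closing the finding.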

Reservation: 02/25/2024

Disclosure: 02/27/2024

Moderation: accepted

CPE: ready

Exploit: Download

EPSS: 0.23905

KEV: no

Activities: very low
