CVE-2024-27356

An issue was discovered on certain GL-iNet devices. Attackers can download files such as logs via commands, potentially obtaining critical user information. This affects MT6000 4.5.5, XE3000 4.4.4, X3000 4.4.5, MT3000 4.5.0, MT2500 4.5.0, AXT1800 4.5.0, AX1800 4.5.0, A1300 4.5.0, S200 4.1.4-0300, X750 4.3.7, SFT1200 4.3.7, XE300 4.3.7, MT1300 4.3.10, AR750 4.3.10, AR750S 4.3.10, AR300M 4.3.10, AR300M16 4.3.10, B1300 4.3.10, MT300N-v2 4.3.10, X300B 3.217, S1300 3.216, SF1200 3.216, MV1000 3.216, N300 3.216, B2200 3.216, and X1200 3.203.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Download_file_vulnerability.md	Third Party Advisory
https://gl-inet.com	Product
https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Download_file_vulnerability.md	Third Party Advisory
https://gl-inet.com	Product

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:gl-inet:mt6000_firmware:4.5.5:*:*:*:*:*:*:*

cpe:2.3:h:gl-inet:mt6000:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:gl-inet:xe3000_firmware:4.4.4:*:*:*:*:*:*:*

cpe:2.3:h:gl-inet:xe3000:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:gl-inet:x3000_firmware:4.4.5:*:*:*:*:*:*:*

cpe:2.3:h:gl-inet:x3000:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:gl-inet:mt3000_firmware:4.5.0:*:*:*:*:*:*:*

cpe:2.3:h:gl-inet:mt3000:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:gl-inet:mt2500_firmware:4.5.0:*:*:*:*:*:*:*

cpe:2.3:h:gl-inet:mt2500:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:gl-inet:axt1800_firmware:4.5.0:*:*:*:*:*:*:*

cpe:2.3:h:gl-inet:axt1800:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:gl-inet:ax1800_firmware:4.5.0:*:*:*:*:*:*:*

cpe:2.3:h:gl-inet:ax1800:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:gl-inet:a1300_firmware:4.5.0:*:*:*:*:*:*:*

cpe:2.3:h:gl-inet:a1300:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:gl-inet:s200_firmware:4.1.4-0300:*:*:*:*:*:*:*

cpe:2.3:h:gl-inet:s200:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:gl-inet:x750_firmware:4.3.7:*:*:*:*:*:*:*

cpe:2.3:h:gl-inet:x750:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:gl-inet:sft1200_firmware:4.37:*:*:*:*:*:*:*

cpe:2.3:h:gl-inet:sft1200:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:gl-inet:xe300_firmware:4.3.7:*:*:*:*:*:*:*

cpe:2.3:h:gl-inet:xe300:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:gl-inet:mt1300_firmware:4.3.10:*:*:*:*:*:*:*

cpe:2.3:h:gl-inet:mt1300:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:gl-inet:ar750_firmware:4.3.10:*:*:*:*:*:*:*

cpe:2.3:h:gl-inet:ar750:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:gl-inet:ar750s_firmware:4.3.10:*:*:*:*:*:*:*

cpe:2.3:h:gl-inet:ar750s:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

cpe:2.3:o:gl-inet:ar300m_firmware:4.3.10:*:*:*:*:*:*:*

cpe:2.3:h:gl-inet:ar300m:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND

cpe:2.3:o:gl-inet:ar300m16_firmware:4.3.10:*:*:*:*:*:*:*

cpe:2.3:h:gl-inet:ar300m16:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND

cpe:2.3:o:gl-inet:b1300_firmware:4.3.10:*:*:*:*:*:*:*

cpe:2.3:h:gl-inet:b1300:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND

cpe:2.3:o:gl-inet:mt300n-v2_firmware:4.3.10:*:*:*:*:*:*:*

cpe:2.3:h:gl-inet:mt300n-v2:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND

cpe:2.3:o:gl-inet:x300b_firmware:3.217:*:*:*:*:*:*:*

cpe:2.3:h:gl-inet:x300b:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND

cpe:2.3:o:gl-inet:s1300_firmware:3.216:*:*:*:*:*:*:*

cpe:2.3:h:gl-inet:s1300:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND

cpe:2.3:o:gl-inet:sf1200_firmware:3.216:*:*:*:*:*:*:*

cpe:2.3:h:gl-inet:sf1200:-:*:*:*:*:*:*:*

Configuration 23 (hide)

AND

cpe:2.3:o:gl-inet:mv1000_firmware:3.216:*:*:*:*:*:*:*

cpe:2.3:h:gl-inet:mv1000:-:*:*:*:*:*:*:*

Configuration 24 (hide)

AND

cpe:2.3:o:gl-inet:n300_firmware:3.216:*:*:*:*:*:*:*

cpe:2.3:h:gl-inet:n300:-:*:*:*:*:*:*:*

Configuration 25 (hide)

AND

cpe:2.3:o:gl-inet:b2200_firmware:3.216:*:*:*:*:*:*:*

cpe:2.3:h:gl-inet:b2200:-:*:*:*:*:*:*:*

Configuration 26 (hide)

AND

cpe:2.3:o:gl-inet:x1200_firmware:3.203:*:*:*:*:*:*:*

cpe:2.3:h:gl-inet:x1200:-:*:*:*:*:*:*:*

History

18 Sep 2025, 16:27

Type	Values Removed	Values Added
CPE		cpe:2.3:h:gl-inet:b1300:-:::::::* cpe:2.3:h:gl-inet:a1300:-:::::::* cpe:2.3:o:gl-inet:sf1200_firmware:3.216:::::::* cpe:2.3:o:gl-inet:mt300n-v2_firmware:4.3.10:::::::* cpe:2.3:h:gl-inet:xe300:-:::::::* cpe:2.3:h:gl-inet:ax1800:-:::::::* cpe:2.3:o:gl-inet:b1300_firmware:4.3.10:::::::* cpe:2.3:o:gl-inet:sft1200_firmware:4.37:::::::* cpe:2.3:o:gl-inet:x750_firmware:4.3.7:::::::* cpe:2.3:o:gl-inet:ar300m16_firmware:4.3.10:::::::* cpe:2.3:o:gl-inet:xe3000_firmware:4.4.4:::::::* cpe:2.3:o:gl-inet:mt6000_firmware:4.5.5:::::::* cpe:2.3:h:gl-inet:mt3000:-:::::::* cpe:2.3:o:gl-inet:s200_firmware:4.1.4-0300:::::::* cpe:2.3:o:gl-inet:mt1300_firmware:4.3.10:::::::* cpe:2.3:h:gl-inet:sft1200:-:::::::* cpe:2.3:o:gl-inet:b2200_firmware:3.216:::::::* cpe:2.3:h:gl-inet:s1300:-:::::::* cpe:2.3:o:gl-inet:ar750s_firmware:4.3.10:::::::* cpe:2.3:h:gl-inet:ar750s:-:::::::* cpe:2.3:h:gl-inet:mv1000:-:::::::* cpe:2.3:h:gl-inet:mt300n-v2:-:::::::* cpe:2.3:o:gl-inet:mv1000_firmware:3.216:::::::* cpe:2.3:h:gl-inet:ar750:-:::::::* cpe:2.3:o:gl-inet:x300b_firmware:3.217:::::::* cpe:2.3:h:gl-inet:n300:-:::::::* cpe:2.3:o:gl-inet:axt1800_firmware:4.5.0:::::::* cpe:2.3:h:gl-inet:mt6000:-:::::::* cpe:2.3:o:gl-inet:mt2500_firmware:4.5.0:::::::* cpe:2.3:h:gl-inet:ar300m:-:::::::* cpe:2.3:h:gl-inet:x300b:-:::::::* cpe:2.3:h:gl-inet:s200:-:::::::* cpe:2.3:h:gl-inet:x750:-:::::::* cpe:2.3:h:gl-inet:xe3000:-:::::::* cpe:2.3:o:gl-inet:xe300_firmware:4.3.7:::::::* cpe:2.3:h:gl-inet:mt1300:-:::::::* cpe:2.3:o:gl-inet:mt3000_firmware:4.5.0:::::::* cpe:2.3:h:gl-inet:b2200:-:::::::* cpe:2.3:h:gl-inet:x3000:-:::::::* cpe:2.3:o:gl-inet:ax1800_firmware:4.5.0:::::::* cpe:2.3:o:gl-inet:s1300_firmware:3.216:::::::* cpe:2.3:h:gl-inet:ar300m16:-:::::::* cpe:2.3:h:gl-inet:sf1200:-:::::::* cpe:2.3:o:gl-inet:x3000_firmware:4.4.5:::::::* cpe:2.3:o:gl-inet:a1300_firmware:4.5.0:::::::* cpe:2.3:o:gl-inet:ar750_firmware:4.3.10:::::::* cpe:2.3:o:gl-inet:ar300m_firmware:4.3.10:::::::* cpe:2.3:o:gl-inet:x1200_firmware:3.203:::::::* cpe:2.3:h:gl-inet:axt1800:-:::::::* cpe:2.3:h:gl-inet:mt2500:-:::::::* cpe:2.3:h:gl-inet:x1200:-:::::::* cpe:2.3:o:gl-inet:n300_firmware:3.216:::::::*
References	~~() https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Download_file_vulnerability.md -~~	() https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Download_file_vulnerability.md - Third Party Advisory
References	~~() https://gl-inet.com -~~	() https://gl-inet.com - Product
First Time		Gl-inet ar750s Gl-inet sft1200 Gl-inet x3000 Firmware Gl-inet x3000 Gl-inet x1200 Firmware Gl-inet mt6000 Gl-inet mt3000 Gl-inet mt300n-v2 Gl-inet mt1300 Firmware Gl-inet x1200 Gl-inet Gl-inet ar750 Gl-inet a1300 Gl-inet ax1800 Firmware Gl-inet axt1800 Gl-inet mt2500 Firmware Gl-inet mt3000 Firmware Gl-inet mt2500 Gl-inet s1300 Gl-inet mt6000 Firmware Gl-inet b1300 Firmware Gl-inet s1300 Firmware Gl-inet mv1000 Firmware Gl-inet b1300 Gl-inet sf1200 Firmware Gl-inet xe300 Gl-inet x300b Firmware Gl-inet x750 Gl-inet s200 Firmware Gl-inet a1300 Firmware Gl-inet mv1000 Gl-inet ar750 Firmware Gl-inet axt1800 Firmware Gl-inet mt1300 Gl-inet n300 Gl-inet b2200 Gl-inet ar300m Firmware Gl-inet xe300 Firmware Gl-inet ar300m Gl-inet s200 Gl-inet sf1200 Gl-inet xe3000 Gl-inet ar750s Firmware Gl-inet sft1200 Firmware Gl-inet x750 Firmware Gl-inet ax1800 Gl-inet xe3000 Firmware Gl-inet n300 Firmware Gl-inet ar300m16 Firmware Gl-inet x300b Gl-inet ar300m16 Gl-inet mt300n-v2 Firmware Gl-inet b2200 Firmware

24 Mar 2025, 16:15

Type	Values Removed	Values Added
CWE		CWE-200

21 Nov 2024, 09:04

Type	Values Removed	Values Added
References	~~() https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Download_file_vulnerability.md -~~	() https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Download_file_vulnerability.md -
References	~~() https://gl-inet.com -~~	() https://gl-inet.com -

07 Aug 2024, 18:35

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.5

27 Feb 2024, 14:20

Type	Values Removed	Values Added
Summary		(es) Se descubrió un problema en ciertos dispositivos GL-iNet. Los atacantes pueden descargar archivos, como registros, mediante comandos, obteniendo potencialmente información crítica del usuario. Esto afecta a MT6000 4.5.5, XE3000 4.4.4, X3000 4.4.5, MT3000 4.5.0, MT2500 4.5.0, AXT1800 4.5.0, AX1800 4.5.0, A1300 4.5.0, S200 4.1.4-0300, X750 4.3.7, SFT1200 4.3.7, XE300 4.3.7, MT1300 4.3.10, AR750 4.3.10, AR750S 4.3.10, AR300M 4.3.10, AR300M16 4.3.10, B1300 4.3.10, MT300N-v2 4.3. 10 , X300B 3.217, S1300 3.216, SF1200 3.216, MV1000 3.216, N300 3.216, B2200 3.216 y X1200 3.203.

27 Feb 2024, 01:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-02-27 01:15

Updated : 2025-09-18 16:27

NVD link : CVE-2024-27356

Mitre link : CVE-2024-27356

CVE.ORG link : CVE-2024-27356

JSON object : View

Products Affected

gl-inet

mt300n-v2
n300
mt3000_firmware
sf1200_firmware
mt3000
x3000_firmware
b1300
a1300_firmware
ar300m_firmware
mv1000
axt1800_firmware
xe300
xe300_firmware
mt1300_firmware
ar750_firmware
ar750s
ar300m16_firmware
x1200_firmware
sft1200_firmware
ar300m
ar750
mt6000
x300b_firmware
sf1200
x1200
b2200
ax1800
a1300
xe3000_firmware
s200_firmware
sft1200
b1300_firmware
mt2500_firmware
ax1800_firmware
mv1000_firmware
xe3000
s200
x300b
x750_firmware
mt6000_firmware
ar750s_firmware
mt1300
s1300_firmware
s1300
n300_firmware
axt1800
x3000
x750
mt300n-v2_firmware
mt2500
b2200_firmware
ar300m16

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

7.5 /10