CVE-2024-39229
- Reference to the description:
- Description:
- An issue in GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, XE3000/X3000 v4, and B2200/MV1000/MV1000W/USB150/N300/SF1200 v3.216 allows attackers to intercept communications via a man-in-the-middle attack when DDNS clients are reporting data to the server.
- Last updated date:
- 08/15/2024
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 08/12/2024
- Reference url to background
https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/DDNS%20data%20is%20not%20encrypted.md