CVE-2024-39228: n/a
GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain a shell injection vulnerability via the interface check_ovpn_client_config and check_config.
AI Analysis
Technical Summary
CVE-2024-39228 is a critical shell injection vulnerability identified in various GL-iNet router models and firmware versions, including AR750, AR750S, AR300M series, MT300N-V2, B1300, MT1300, SFT1200, X750, MT3000, MT2500, AXT1800, AX1800, A1300, X300B, XE300, E750, AP1300, S1300, XE3000, and X3000. The vulnerability resides in the interface functions check_ovpn_client_config and check_config, which improperly handle input, allowing an attacker to inject arbitrary shell commands. This is classified under CWE-78 (Improper Neutralization of Special Elements used in an OS Command). The CVSS v3.1 base score is 9.8, reflecting network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), unchanged scope (S:U), and high impact on confidentiality, integrity, and availability (C:H/I:H/A:H). The vulnerability enables unauthenticated remote attackers to execute arbitrary commands on affected devices, potentially leading to full device compromise. No patches or exploit code are currently publicly available, and no known exploits in the wild have been reported as of the publication date (August 6, 2024). However, the critical nature and ease of exploitation make it a significant threat to users of these GL-iNet devices.
Potential Impact
The impact of CVE-2024-39228 is severe for organizations using affected GL-iNet routers. Successful exploitation allows remote attackers to execute arbitrary shell commands without authentication, leading to full device compromise. This can result in unauthorized access to internal networks, interception or manipulation of network traffic, deployment of malware or ransomware, disruption of network availability, and potential lateral movement within corporate environments. The confidentiality of sensitive data passing through these routers is at high risk, as is the integrity of network configurations and the availability of network services. Given the widespread use of GL-iNet devices in small to medium enterprises, home offices, and IoT deployments, the vulnerability could be leveraged to create botnets or launch further attacks. The lack of required privileges or user interaction increases the likelihood of exploitation, making this a critical threat to global network security.
Mitigation Recommendations
To mitigate CVE-2024-39228, organizations should immediately identify and inventory all GL-iNet devices in their environment. Since no official patches are currently available, apply the following specific mitigations:
1) Restrict network access to the management interfaces of affected devices by implementing firewall rules that limit access to trusted IP addresses only.
2) Disable or restrict the use of vulnerable interface functions (check_ovpn_client_config and check_config) if possible through device configuration or custom firmware.
3) Monitor network traffic and device logs for unusual commands or access attempts targeting these interfaces.
4) Segment networks to isolate vulnerable devices from critical infrastructure and sensitive data.
5) Engage with GL-iNet support channels for updates on patches or firmware upgrades addressing this vulnerability.
6) Consider replacing affected devices with models confirmed to be secure if immediate patching is not feasible.
7) Educate network administrators about the risks and signs of exploitation to enable rapid detection and response.
Affected Countries
United States, China, Germany, United Kingdom, France, Japan, South Korea, India, Australia, Canada, Netherlands, Singapore
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2024-06-21T00:00:00.000Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 699f6c85b7ef31ef0b565d59
Added to database: 2/25/2026, 9:41:25 PM
Last enriched: 2/26/2026, 5:53:08 AM
Last updated: 4/12/2026, 3:46:08 PM