CVE-2024-45261

None

Description

An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. The SID generated for a specific user is not tied to that user itself, which allows other users to potentially use it for authentication. Once an attacker bypasses the application's authentication procedures, they can generate a valid SID, escalate privileges, and gain full control.

INFO

Published Date :

2024-10-24T00:00:00.000Z

Last Modified :

2024-10-28T19:19:59.290Z

Source :

mitre

AFFECTED PRODUCTS

The following products are affected by CVE-2024-45261 vulnerability.

Vendors	Products
Gl-inet	A1300 A1300 Firmware Ar300m Ar300m16 Ar300m16 Firmware Ar300m Firmware Ar750 Ar750 Firmware Ar750s Ar750s Firmware Ax1800 Ax1800 Firmware Axt1800 Axt1800 Firmware B1300 B1300 Firmware B3000 B3000 Firmware E750 E750 Firmware Gl-a1300 Firmware Gl-ar300m16 Firmware Gl-ar300m Firmware Gl-ar750 Firmware Gl-ar750s Firmware Gl-ax1800 Firmware Gl-axt1800 Firmware Gl-b1300 Firmware Gl-b3000 Firmware Gl-e750 Firmware Gl-mt1300 Firmware Gl-mt2500 Firmware Gl-mt3000 Gl-mt3000 Firmware Gl-mt300n-v2 Firmware Gl-mt6000 Firmware Gl-sft1200 Firmware Gl-x3000 Firmware Gl-x300b Firmware Gl-x750 Firmware Gl-xe300 Firmware Mt1300 Mt1300 Firmware Mt2500 Mt2500 Firmware Mt3000 Firmware Mt300n-v2 Mt300n-v2 Firmware Mt6000 Mt6000 Firmware Sft1200 Sft1200 Firmware X3000 X3000 Firmware X300b X300b Firmware X750 X750 Firmware Xe300 Xe3000 Xe3000 Firmware Xe300 Firmware

Vendors

Products

Gl-inet