Description

An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. The params parameter in the call method of the /rpc endpoint is vulnerable to arbitrary directory traversal, which enables attackers to execute scripts under any path.

INFO

Published Date :

2024-10-24T00:00:00.000Z

Last Modified :

2024-10-28T19:22:25.505Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2024-45262 vulnerability.

Vendors Products
Gl-inet
  • A1300
  • A1300 Firmware
  • Ar300m
  • Ar300m16
  • Ar300m16 Firmware
  • Ar300m Firmware
  • Ar750
  • Ar750 Firmware
  • Ar750s
  • Ar750s Firmware
  • Ax1800
  • Ax1800 Firmware
  • Axt1800
  • Axt1800 Firmware
  • B1300
  • B1300 Firmware
  • B3000
  • B3000 Firmware
  • E750
  • E750 Firmware
  • Gl-a1300 Firmware
  • Gl-ar300m16 Firmware
  • Gl-ar300m Firmware
  • Gl-ar750 Firmware
  • Gl-ar750s Firmware
  • Gl-ax1800 Firmware
  • Gl-axt1800 Firmware
  • Gl-b1300 Firmware
  • Gl-b3000 Firmware
  • Gl-e750 Firmware
  • Gl-mt1300 Firmware
  • Gl-mt2500 Firmware
  • Gl-mt3000
  • Gl-mt3000 Firmware
  • Gl-mt300n-v2 Firmware
  • Gl-mt6000 Firmware
  • Gl-sft1200 Firmware
  • Gl-x3000 Firmware
  • Gl-x300b Firmware
  • Gl-x750 Firmware
  • Gl-xe300 Firmware
  • Mt1300
  • Mt1300 Firmware
  • Mt2500
  • Mt2500 Firmware
  • Mt3000 Firmware
  • Mt300n-v2
  • Mt300n-v2 Firmware
  • Mt6000
  • Mt6000 Firmware
  • Sft1200
  • Sft1200 Firmware
  • X3000
  • X3000 Firmware
  • X300b
  • X300b Firmware
  • X750
  • X750 Firmware
  • Xe300
  • Xe3000
  • Xe3000 Firmware
  • Xe300 Firmware
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-45262.

URL Resource
https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Improper%20Pathname%20Restriction%20Leading%20to%20Path%20Traversal%20in%20Restricted%20Directories.md cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact