Description

An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. The upload interface allows the uploading of arbitrary files to the device. Once the device executes the files, it can lead to information leakage, enabling complete control.

INFO

Published Date :

2024-10-24T00:00:00.000Z

Last Modified :

2024-10-28T18:52:30.245Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2024-45263 vulnerability.

Vendors Products
Gl-inet
  • A1300
  • A1300 Firmware
  • Ar300m
  • Ar300m16
  • Ar300m16 Firmware
  • Ar300m Firmware
  • Ar750
  • Ar750 Firmware
  • Ar750s
  • Ar750s Firmware
  • Ax1800
  • Ax1800 Firmware
  • Axt1800
  • Axt1800 Firmware
  • B1300
  • B1300 Firmware
  • B3000
  • B3000 Firmware
  • E750
  • E750 Firmware
  • Gl-a1300 Firmware
  • Gl-ar300m16 Firmware
  • Gl-ar300m Firmware
  • Gl-ar750 Firmware
  • Gl-ar750s Firmware
  • Gl-ax1800 Firmware
  • Gl-axt1800 Firmware
  • Gl-b1300 Firmware
  • Gl-b3000 Firmware
  • Gl-e750 Firmware
  • Gl-mt1300 Firmware
  • Gl-mt2500 Firmware
  • Gl-mt3000
  • Gl-mt3000 Firmware
  • Gl-mt300n-v2 Firmware
  • Gl-mt6000 Firmware
  • Gl-sft1200 Firmware
  • Gl-x3000 Firmware
  • Gl-x300b Firmware
  • Gl-x750 Firmware
  • Gl-xe300 Firmware
  • Mt1300
  • Mt1300 Firmware
  • Mt2500
  • Mt2500 Firmware
  • Mt3000 Firmware
  • Mt300n-v2
  • Mt300n-v2 Firmware
  • Mt6000
  • Mt6000 Firmware
  • Sft1200
  • Sft1200 Firmware
  • X3000
  • X3000 Firmware
  • X300b
  • X300b Firmware
  • X750
  • X750 Firmware
  • Xe300
  • Xe3000
  • Xe3000 Firmware
  • Xe300 Firmware
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-45263.

URL Resource
https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Arbitrary%20File%20Upload%20to%20ovpn_upload%20via%20Upload%20Interface.md cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact