Vulnerability Description
An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. By intercepting an HTTP request and changing the filename property in the download interface, any file on the device can be deleted.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gl-Inet | Mt3000 Firmware | 4.6.2 |
| Gl-Inet | Gl-Mt3000 | - |
| Gl-Inet | Mt2500 Firmware | >= 4.6.2, < 4.6.4 |
| Gl-Inet | Mt2500 | - |
| Gl-Inet | Axt1800 Firmware | >= 4.6.2, < 4.6.4 |
| Gl-Inet | Axt1800 | - |
| Gl-Inet | Ax1800 Firmware | >= 4.6.2, < 4.6.4 |
| Gl-Inet | Ax1800 | - |
| Gl-Inet | B3000 Firmware | 4.5.18 |
| Gl-Inet | B3000 | - |
| Gl-Inet | A1300 Firmware | 4.5.17 |
| Gl-Inet | A1300 | - |
| Gl-Inet | X300B Firmware | 4.5.17 |
| Gl-Inet | X300B | - |
| Gl-Inet | X3000 Firmware | 4.4.9 |
| Gl-Inet | X3000 | - |
| Gl-Inet | Xe3000 Firmware | 4.4.9 |
| Gl-Inet | Xe3000 | - |
| Gl-Inet | X750 Firmware | 4.3.18 |
| Gl-Inet | X750 | - |
References
- https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Delete%20Any%20File%20via% (Exploit, Third Party Advisory)
FAQ
What is CVE-2024-45259?
CVE-2024-45259 is a vulnerability with a CVSS score of 6.5 (MEDIUM). An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. By intercepting an HTTP request and changing the filename property in the download inte...
How severe is CVE-2024-45259?
CVE-2024-45259 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-45259?
Check the references section above for vendor advisories and patch information. Affected products include: Gl-Inet Mt3000 Firmware, Gl-Inet Gl-Mt3000, Gl-Inet Mt2500 Firmware, Gl-Inet Mt2500, Gl-Inet Axt1800 Firmware.