Vulnerability Description
An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. Users who belong to unauthorized groups can invoke any interface of the device, thereby gaining complete control over it.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gl-Inet | Mt6000 Firmware | 4.6.2 |
| Gl-Inet | Mt6000 | - |
| Gl-Inet | B1300 Firmware | 4.3.17 |
| Gl-Inet | B1300 | - |
| Gl-Inet | Mt2500 Firmware | >= 4.6.2, < 4.6.4 |
| Gl-Inet | Mt2500 | - |
| Gl-Inet | Axt1800 Firmware | >= 4.6.2, < 4.6.4 |
| Gl-Inet | Axt1800 | - |
| Gl-Inet | Ax1800 Firmware | >= 4.6.2, < 4.6.4 |
| Gl-Inet | Ax1800 | - |
| Gl-Inet | B3000 Firmware | 4.5.18 |
| Gl-Inet | B3000 | - |
| Gl-Inet | A1300 Firmware | 4.5.17 |
| Gl-Inet | A1300 | - |
| Gl-Inet | X300B Firmware | 4.5.17 |
| Gl-Inet | X300B | - |
| Gl-Inet | X3000 Firmware | 4.4.9 |
| Gl-Inet | X3000 | - |
| Gl-Inet | Xe3000 Firmware | 4.4.9 |
| Gl-Inet | Xe3000 | - |
Related Weaknesses (CWE)
References
- https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Unauthorized%20Access%20toExploitThird Party Advisory
FAQ
What is CVE-2024-45260?
CVE-2024-45260 is a vulnerability with a CVSS score of 8.0 (HIGH). An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. Users who belong to unauthorized groups can invoke any interface of the device, thereby...
How severe is CVE-2024-45260?
CVE-2024-45260 has been rated HIGH with a CVSS base score of 8.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-45260?
Check the references section above for vendor advisories and patch information. Affected products include: Gl-Inet Mt6000 Firmware, Gl-Inet Mt6000, Gl-Inet B1300 Firmware, Gl-Inet B1300, Gl-Inet Mt2500 Firmware.