Vulnerability Description
An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. The upload interface allows the uploading of arbitrary files to the device. Once the device executes the files, it can lead to information leakage, enabling complete control.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gl-Inet | Mt6000 Firmware | 4.6.2 |
| Gl-Inet | Mt6000 | - |
| Gl-Inet | Mt3000 Firmware | >= 4.6.2, < 4.6.4 |
| Gl-Inet | Gl-Mt3000 | - |
| Gl-Inet | Mt2500 Firmware | >= 4.6.2, < 4.6.4 |
| Gl-Inet | Mt2500 | - |
| Gl-Inet | Axt1800 Firmware | >= 4.6.2, < 4.6.4 |
| Gl-Inet | Axt1800 | - |
| Gl-Inet | Ax1800 Firmware | >= 4.6.2, < 4.6.4 |
| Gl-Inet | Ax1800 | - |
| Gl-Inet | B3000 Firmware | 4.5.18 |
| Gl-Inet | B3000 | - |
| Gl-Inet | A1300 Firmware | 4.5.17 |
| Gl-Inet | A1300 | - |
| Gl-Inet | X300B Firmware | 4.5.17 |
| Gl-Inet | X300B | - |
| Gl-Inet | X3000 Firmware | 4.4.9 |
| Gl-Inet | X3000 | - |
| Gl-Inet | Xe3000 Firmware | 4.4.9 |
| Gl-Inet | Xe3000 | - |
Related Weaknesses (CWE)
References
- https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Arbitrary%20File%20Upload%Issue TrackingThird Party Advisory
FAQ
What is CVE-2024-45263?
CVE-2024-45263 is a vulnerability with a CVSS score of 8.8 (HIGH). An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. The upload interface allows the uploading of arbitrary files to the device. Once the de...
How severe is CVE-2024-45263?
CVE-2024-45263 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-45263?
Check the references section above for vendor advisories and patch information. Affected products include: Gl-Inet Mt6000 Firmware, Gl-Inet Mt6000, Gl-Inet Mt3000 Firmware, Gl-Inet Gl-Mt3000, Gl-Inet Mt2500 Firmware.