An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. By intercepting an HTTP request and changing the filename property in the download interface, any file on the device can be deleted.
Metrics
Affected Vendors & Products
| Vendors | Products |
|---|---|
| Gl-inet |
|
No data.
No data.
References
History
Mon, 28 Oct 2024 20:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Gl-inet
Gl-inet gl-a1300 Firmware Gl-inet gl-ar300m16 Firmware Gl-inet gl-ar300m Firmware Gl-inet gl-ar750 Firmware Gl-inet gl-ar750s Firmware Gl-inet gl-ax1800 Firmware Gl-inet gl-axt1800 Firmware Gl-inet gl-b1300 Firmware Gl-inet gl-b3000 Firmware Gl-inet gl-e750 Firmware Gl-inet gl-mt1300 Firmware Gl-inet gl-mt2500 Firmware Gl-inet gl-mt3000 Firmware Gl-inet gl-mt300n-v2 Firmware Gl-inet gl-mt6000 Firmware Gl-inet gl-sft1200 Firmware Gl-inet gl-x3000 Firmware Gl-inet gl-x300b Firmware Gl-inet gl-x750 Firmware Gl-inet gl-xe300 Firmware |
|
| Weaknesses | CWE-326 | |
| CPEs | cpe:2.3:o:gl-inet:gl-a1300_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:gl-inet:gl-ar300m16_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:gl-inet:gl-ar300m_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:gl-inet:gl-ar750_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:gl-inet:gl-ar750s_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:gl-inet:gl-ax1800_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:gl-inet:gl-axt1800_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:gl-inet:gl-b1300_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:gl-inet:gl-b3000_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:gl-inet:gl-e750_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:gl-inet:gl-mt1300_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:gl-inet:gl-mt2500_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:gl-inet:gl-mt3000_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:gl-inet:gl-mt300n-v2_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:gl-inet:gl-mt6000_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:gl-inet:gl-sft1200_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:gl-inet:gl-x3000_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:gl-inet:gl-x300b_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:gl-inet:gl-x750_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:gl-inet:gl-xe300_firmware:-:*:*:*:*:*:*:* |
|
| Vendors & Products |
Gl-inet
Gl-inet gl-a1300 Firmware Gl-inet gl-ar300m16 Firmware Gl-inet gl-ar300m Firmware Gl-inet gl-ar750 Firmware Gl-inet gl-ar750s Firmware Gl-inet gl-ax1800 Firmware Gl-inet gl-axt1800 Firmware Gl-inet gl-b1300 Firmware Gl-inet gl-b3000 Firmware Gl-inet gl-e750 Firmware Gl-inet gl-mt1300 Firmware Gl-inet gl-mt2500 Firmware Gl-inet gl-mt3000 Firmware Gl-inet gl-mt300n-v2 Firmware Gl-inet gl-mt6000 Firmware Gl-inet gl-sft1200 Firmware Gl-inet gl-x3000 Firmware Gl-inet gl-x300b Firmware Gl-inet gl-x750 Firmware Gl-inet gl-xe300 Firmware |
|
| Metrics |
cvssV3_1
|
Thu, 24 Oct 2024 20:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. By intercepting an HTTP request and changing the filename property in the download interface, any file on the device can be deleted. | |
| References |
|
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2024-10-24T00:00:00
Updated: 2024-10-28T19:38:53.728Z
Reserved: 2024-08-25T00:00:00
Link: CVE-2024-45259
Vulnrichment
Updated: 2024-10-28T19:01:33.024Z
NVD
Status : Awaiting Analysis
Published: 2024-10-24T20:15:04.323
Modified: 2024-10-28T20:35:13.597
Link: CVE-2024-45259
Redhat
No data.