An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. The SID generated for a specific user is not tied to that user itself, which allows other users to potentially use it for authentication. Once an attacker bypasses the application's authentication procedures, they can generate a valid SID, escalate privileges, and gain full control.
History
Mon, 28 Oct 2024 20:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared | Gl-inet, Gl-inet gl-a1300 Firmware, Gl-inet gl-ar300m16 Firmware, Gl-inet gl-ar300m Firmware, Gl-inet gl-ar750 Firmware, Gl-inet gl-ar750s Firmware, Gl-inet gl-ax1800 Firmware, Gl-inet gl-axt1800 Firmware, Gl-inet gl-b1300 Firmware, Gl-inet gl-b3000 Firmware, Gl-inet gl-e750 Firmware, Gl-inet gl-mt1300 Firmware, Gl-inet gl-mt2500 Firmware, Gl-inet gl-mt3000 Firmware, Gl-inet gl-mt300n-v2 Firmware, Gl-inet gl-mt6000 Firmware, Gl-inet gl-sft1200 Firmware, Gl-inet gl-x3000 Firmware, Gl-inet gl-x300b Firmware, Gl-inet gl-x750 Firmware, Gl-inet gl-xe300 Firmware | |
Weaknesses | CWE-863 | |
CPEs | cpe:2.3:o:gl-inet:gl-a1300_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:gl-inet:gl-ar300m16_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:gl-inet:gl-ar300m_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:gl-inet:gl-ar750_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:gl-inet:gl-ar750s_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:gl-inet:gl-ax1800_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:gl-inet:gl-axt1800_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:gl-inet:gl-b1300_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:gl-inet:gl-b3000_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:gl-inet:gl-e750_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:gl-inet:gl-mt1300_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:gl-inet:gl-mt2500_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:gl-inet:gl-mt3000_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:gl-inet:gl-mt300n-v2_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:gl-inet:gl-mt6000_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:gl-inet:gl-sft1200_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:gl-inet:gl-x3000_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:gl-inet:gl-x300b_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:gl-inet:gl-x750_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:gl-inet:gl-xe300_firmware:-:*:*:*:*:*:*:* | |
Vendors & Products | Gl-inet, Gl-inet gl-a1300 Firmware, Gl-inet gl-ar300m16 Firmware, Gl-inet gl-ar300m Firmware, Gl-inet gl-ar750 Firmware, Gl-inet gl-ar750s Firmware, Gl-inet gl-ax1800 Firmware, Gl-inet gl-axt1800 Firmware, Gl-inet gl-b1300 Firmware, Gl-inet gl-b3000 Firmware, Gl-inet gl-e750 Firmware, Gl-inet gl-mt1300 Firmware, Gl-inet gl-mt2500 Firmware, Gl-inet gl-mt3000 Firmware, Gl-inet gl-mt300n-v2 Firmware, Gl-inet gl-mt6000 Firmware, Gl-inet gl-sft1200 Firmware, Gl-inet gl-x3000 Firmware, Gl-inet gl-x300b Firmware, Gl-inet gl-x750 Firmware, Gl-inet gl-xe300 Firmware | |
Metrics | cvssV3_1 | |
Thu, 24 Oct 2024 20:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. The SID generated for a specific user is not tied to that user itself, which allows other users to potentially use it for authentication. Once an attacker bypasses the application's authentication procedures, they can generate a valid SID, escalate privileges, and gain full control. | |
References | | |
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2024-10-24T00:00:00
Updated: 2024-10-28T19:19:59.290Z
Reserved: 2024-08-25T00:00:00
Link: CVE-2024-45261
Vulnrichment
Updated: 2024-10-28T19:01:43.032Z
NVD
Status: Awaiting Analysis
Published: 2024-10-24T21:15:12.057
Modified: 2024-10-28T20:35:15.213
Link: CVE-2024-45261
Redhat
No data.