An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. The upload interface allows the uploading of arbitrary files to the device. Once the device executes the files, it can lead to information leakage, enabling complete control.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Mon, 29 Sep 2025 15:15:00 +0000

Type Values Removed Values Added
First Time appeared Gl-inet a1300
Gl-inet a1300 Firmware
Gl-inet ar300m
Gl-inet ar300m16
Gl-inet ar300m16 Firmware
Gl-inet ar300m Firmware
Gl-inet ar750
Gl-inet ar750 Firmware
Gl-inet ar750s
Gl-inet ar750s Firmware
Gl-inet ax1800
Gl-inet ax1800 Firmware
Gl-inet axt1800
Gl-inet axt1800 Firmware
Gl-inet b1300
Gl-inet b1300 Firmware
Gl-inet b3000
Gl-inet b3000 Firmware
Gl-inet e750
Gl-inet e750 Firmware
Gl-inet gl-mt3000
Gl-inet mt1300
Gl-inet mt1300 Firmware
Gl-inet mt2500
Gl-inet mt2500 Firmware
Gl-inet mt3000 Firmware
Gl-inet mt300n-v2
Gl-inet mt300n-v2 Firmware
Gl-inet mt6000
Gl-inet mt6000 Firmware
Gl-inet sft1200
Gl-inet sft1200 Firmware
Gl-inet x3000
Gl-inet x3000 Firmware
Gl-inet x300b
Gl-inet x300b Firmware
Gl-inet x750
Gl-inet x750 Firmware
Gl-inet xe300
Gl-inet xe3000
Gl-inet xe3000 Firmware
Gl-inet xe300 Firmware
CPEs cpe:2.3:h:gl-inet:a1300:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:ar300m16:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:ar300m:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:ar750:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:ar750s:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:ax1800:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:axt1800:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:b1300:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:b3000:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:e750:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:gl-mt3000:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:mt1300:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:mt2500:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:mt300n-v2:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:mt6000:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:sft1200:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:x3000:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:x300b:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:x750:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:xe3000:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:xe300:-:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:a1300_firmware:4.5.17:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:ar300m16_firmware:4.3.17:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:ar300m_firmware:4.3.17:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:ar750_firmware:4.3.17:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:ar750s_firmware:4.3.17:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:ax1800_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:axt1800_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:b1300_firmware:4.3.17:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:b3000_firmware:4.5.18:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:e750_firmware:4.3.17:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:mt1300_firmware:4.3.18:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:mt2500_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:mt3000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:mt300n-v2_firmware:4.3.17:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:mt6000_firmware:4.6.2:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:sft1200_firmware:4.3.18:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:x3000_firmware:4.4.9:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:x300b_firmware:4.5.17:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:x750_firmware:4.3.18:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:xe3000_firmware:4.4.9:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:xe300_firmware:4.3.17:*:*:*:*:*:*:*
Vendors & Products Gl-inet a1300
Gl-inet a1300 Firmware
Gl-inet ar300m
Gl-inet ar300m16
Gl-inet ar300m16 Firmware
Gl-inet ar300m Firmware
Gl-inet ar750
Gl-inet ar750 Firmware
Gl-inet ar750s
Gl-inet ar750s Firmware
Gl-inet ax1800
Gl-inet ax1800 Firmware
Gl-inet axt1800
Gl-inet axt1800 Firmware
Gl-inet b1300
Gl-inet b1300 Firmware
Gl-inet b3000
Gl-inet b3000 Firmware
Gl-inet e750
Gl-inet e750 Firmware
Gl-inet gl-mt3000
Gl-inet mt1300
Gl-inet mt1300 Firmware
Gl-inet mt2500
Gl-inet mt2500 Firmware
Gl-inet mt3000 Firmware
Gl-inet mt300n-v2
Gl-inet mt300n-v2 Firmware
Gl-inet mt6000
Gl-inet mt6000 Firmware
Gl-inet sft1200
Gl-inet sft1200 Firmware
Gl-inet x3000
Gl-inet x3000 Firmware
Gl-inet x300b
Gl-inet x300b Firmware
Gl-inet x750
Gl-inet x750 Firmware
Gl-inet xe300
Gl-inet xe3000
Gl-inet xe3000 Firmware
Gl-inet xe300 Firmware

Mon, 28 Oct 2024 19:15:00 +0000

Type Values Removed Values Added
First Time appeared Gl-inet
Gl-inet gl-a1300 Firmware
Gl-inet gl-ar300m16 Firmware
Gl-inet gl-ar300m Firmware
Gl-inet gl-ar750 Firmware
Gl-inet gl-ar750s Firmware
Gl-inet gl-ax1800 Firmware
Gl-inet gl-axt1800 Firmware
Gl-inet gl-b1300 Firmware
Gl-inet gl-b3000 Firmware
Gl-inet gl-e750 Firmware
Gl-inet gl-mt1300 Firmware
Gl-inet gl-mt2500 Firmware
Gl-inet gl-mt3000 Firmware
Gl-inet gl-mt300n-v2 Firmware
Gl-inet gl-mt6000 Firmware
Gl-inet gl-sft1200 Firmware
Gl-inet gl-x3000 Firmware
Gl-inet gl-x300b Firmware
Gl-inet gl-x750 Firmware
Gl-inet gl-xe300 Firmware
Weaknesses CWE-434
CPEs cpe:2.3:o:gl-inet:gl-a1300_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:gl-ar300m16_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:gl-ar300m_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:gl-ar750_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:gl-ar750s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:gl-ax1800_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:gl-axt1800_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:gl-b1300_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:gl-b3000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:gl-e750_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:gl-mt1300_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:gl-mt2500_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:gl-mt3000_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:gl-mt300n-v2_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:gl-mt6000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:gl-sft1200_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:gl-x3000_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:gl-x300b_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:gl-x750_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:gl-xe300_firmware:-:*:*:*:*:*:*:*
Vendors & Products Gl-inet
Gl-inet gl-a1300 Firmware
Gl-inet gl-ar300m16 Firmware
Gl-inet gl-ar300m Firmware
Gl-inet gl-ar750 Firmware
Gl-inet gl-ar750s Firmware
Gl-inet gl-ax1800 Firmware
Gl-inet gl-axt1800 Firmware
Gl-inet gl-b1300 Firmware
Gl-inet gl-b3000 Firmware
Gl-inet gl-e750 Firmware
Gl-inet gl-mt1300 Firmware
Gl-inet gl-mt2500 Firmware
Gl-inet gl-mt3000 Firmware
Gl-inet gl-mt300n-v2 Firmware
Gl-inet gl-mt6000 Firmware
Gl-inet gl-sft1200 Firmware
Gl-inet gl-x3000 Firmware
Gl-inet gl-x300b Firmware
Gl-inet gl-x750 Firmware
Gl-inet gl-xe300 Firmware
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 24 Oct 2024 20:30:00 +0000

Type Values Removed Values Added
Description An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. The upload interface allows the uploading of arbitrary files to the device. Once the device executes the files, it can lead to information leakage, enabling complete control.
References

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2024-10-28T18:52:30.245Z

Reserved: 2024-08-25T00:00:00

Link: CVE-2024-45263

cve-icon Vulnrichment

Updated: 2024-10-28T18:45:06.617Z

cve-icon NVD

Status : Analyzed

Published: 2024-10-24T21:15:12.217

Modified: 2025-09-29T15:02:17.183

Link: CVE-2024-45263

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.