CVE-2024-45263 - Vulnerability Details

An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. The upload interface allows the uploading of arbitrary files to the device. Once the device executes the files, it can lead to information leakage, enabling complete control.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00074.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Gl-inet	A1300 A1300 Firmware Ar300m Ar300m16 Ar300m16 Firmware Ar300m Firmware Ar750 Ar750 Firmware Ar750s Ar750s Firmware Ax1800 Ax1800 Firmware Axt1800 Axt1800 Firmware B1300 B1300 Firmware B3000 B3000 Firmware E750 E750 Firmware Gl-a1300 Firmware Gl-ar300m16 Firmware Gl-ar300m Firmware Gl-ar750 Firmware Gl-ar750s Firmware Gl-ax1800 Firmware Gl-axt1800 Firmware Gl-b1300 Firmware Gl-b3000 Firmware Gl-e750 Firmware Gl-mt1300 Firmware Gl-mt2500 Firmware Gl-mt3000 Gl-mt3000 Firmware Gl-mt300n-v2 Firmware Gl-mt6000 Firmware Gl-sft1200 Firmware Gl-x3000 Firmware Gl-x300b Firmware Gl-x750 Firmware Gl-xe300 Firmware Mt1300 Mt1300 Firmware Mt2500 Mt2500 Firmware Mt3000 Firmware Mt300n-v2 Mt300n-v2 Firmware Mt6000 Mt6000 Firmware Sft1200 Sft1200 Firmware X3000 X3000 Firmware X300b X300b Firmware X750 X750 Firmware Xe300 Xe3000 Xe3000 Firmware Xe300 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:gl-inet:mt6000_firmware:4.6.2:*:*:*:*:*:*:*

cpe:2.3:h:gl-inet:mt6000:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:gl-inet:mt3000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:gl-inet:gl-mt3000:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:gl-inet:mt2500_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:gl-inet:mt2500:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:gl-inet:axt1800_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:gl-inet:axt1800:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:gl-inet:ax1800_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:gl-inet:ax1800:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:gl-inet:b3000_firmware:4.5.18:*:*:*:*:*:*:*

cpe:2.3:h:gl-inet:b3000:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:gl-inet:a1300_firmware:4.5.17:*:*:*:*:*:*:*

cpe:2.3:h:gl-inet:a1300:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:gl-inet:x300b_firmware:4.5.17:*:*:*:*:*:*:*

cpe:2.3:h:gl-inet:x300b:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:gl-inet:x3000_firmware:4.4.9:*:*:*:*:*:*:*

cpe:2.3:h:gl-inet:x3000:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:gl-inet:xe3000_firmware:4.4.9:*:*:*:*:*:*:*

cpe:2.3:h:gl-inet:xe3000:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:gl-inet:x750_firmware:4.3.18:*:*:*:*:*:*:*

cpe:2.3:h:gl-inet:x750:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:gl-inet:sft1200_firmware:4.3.18:*:*:*:*:*:*:*

cpe:2.3:h:gl-inet:sft1200:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:gl-inet:mt1300_firmware:4.3.18:*:*:*:*:*:*:*

cpe:2.3:h:gl-inet:mt1300:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:gl-inet:e750_firmware:4.3.17:*:*:*:*:*:*:*

cpe:2.3:h:gl-inet:e750:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:gl-inet:xe300_firmware:4.3.17:*:*:*:*:*:*:*

cpe:2.3:h:gl-inet:xe300:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:gl-inet:ar750_firmware:4.3.17:*:*:*:*:*:*:*

cpe:2.3:h:gl-inet:ar750:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:gl-inet:ar750s_firmware:4.3.17:*:*:*:*:*:*:*

cpe:2.3:h:gl-inet:ar750s:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND

cpe:2.3:o:gl-inet:ar300m_firmware:4.3.17:*:*:*:*:*:*:*

cpe:2.3:h:gl-inet:ar300m:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND

cpe:2.3:o:gl-inet:ar300m16_firmware:4.3.17:*:*:*:*:*:*:*

cpe:2.3:h:gl-inet:ar300m16:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND

cpe:2.3:o:gl-inet:b1300_firmware:4.3.17:*:*:*:*:*:*:*

cpe:2.3:h:gl-inet:b1300:-:*:*:*:*:*:*:*

Configuration 21 [-]

AND

cpe:2.3:o:gl-inet:mt300n-v2_firmware:4.3.17:*:*:*:*:*:*:*

cpe:2.3:h:gl-inet:mt300n-v2:-:*:*:*:*:*:*:*

No data.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Arbitrary%20File%20Upload%20to%20ovpn_upload%20via%20Upload%20Interface.md

History

Mon, 29 Sep 2025 15:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Gl-inet a1300 Gl-inet a1300 Firmware Gl-inet ar300m Gl-inet ar300m16 Gl-inet ar300m16 Firmware Gl-inet ar300m Firmware Gl-inet ar750 Gl-inet ar750 Firmware Gl-inet ar750s Gl-inet ar750s Firmware Gl-inet ax1800 Gl-inet ax1800 Firmware Gl-inet axt1800 Gl-inet axt1800 Firmware Gl-inet b1300 Gl-inet b1300 Firmware Gl-inet b3000 Gl-inet b3000 Firmware Gl-inet e750 Gl-inet e750 Firmware Gl-inet gl-mt3000 Gl-inet mt1300 Gl-inet mt1300 Firmware Gl-inet mt2500 Gl-inet mt2500 Firmware Gl-inet mt3000 Firmware Gl-inet mt300n-v2 Gl-inet mt300n-v2 Firmware Gl-inet mt6000 Gl-inet mt6000 Firmware Gl-inet sft1200 Gl-inet sft1200 Firmware Gl-inet x3000 Gl-inet x3000 Firmware Gl-inet x300b Gl-inet x300b Firmware Gl-inet x750 Gl-inet x750 Firmware Gl-inet xe300 Gl-inet xe3000 Gl-inet xe3000 Firmware Gl-inet xe300 Firmware
CPEs		cpe:2.3:h:gl-inet:a1300:-:::::::* cpe:2.3:h:gl-inet:ar300m16:-:::::::* cpe:2.3:h:gl-inet:ar300m:-:::::::* cpe:2.3:h:gl-inet:ar750:-:::::::* cpe:2.3:h:gl-inet:ar750s:-:::::::* cpe:2.3:h:gl-inet:ax1800:-:::::::* cpe:2.3:h:gl-inet:axt1800:-:::::::* cpe:2.3:h:gl-inet:b1300:-:::::::* cpe:2.3:h:gl-inet:b3000:-:::::::* cpe:2.3:h:gl-inet:e750:-:::::::* cpe:2.3:h:gl-inet:gl-mt3000:-:::::::* cpe:2.3:h:gl-inet:mt1300:-:::::::* cpe:2.3:h:gl-inet:mt2500:-:::::::* cpe:2.3:h:gl-inet:mt300n-v2:-:::::::* cpe:2.3:h:gl-inet:mt6000:-:::::::* cpe:2.3:h:gl-inet:sft1200:-:::::::* cpe:2.3:h:gl-inet:x3000:-:::::::* cpe:2.3:h:gl-inet:x300b:-:::::::* cpe:2.3:h:gl-inet:x750:-:::::::* cpe:2.3:h:gl-inet:xe3000:-:::::::* cpe:2.3:h:gl-inet:xe300:-:::::::* cpe:2.3:o:gl-inet:a1300_firmware:4.5.17:::::::* cpe:2.3:o:gl-inet:ar300m16_firmware:4.3.17:::::::* cpe:2.3:o:gl-inet:ar300m_firmware:4.3.17:::::::* cpe:2.3:o:gl-inet:ar750_firmware:4.3.17:::::::* cpe:2.3:o:gl-inet:ar750s_firmware:4.3.17:::::::* cpe:2.3:o:gl-inet:ax1800_firmware:::::::: cpe:2.3:o:gl-inet:axt1800_firmware:::::::: cpe:2.3:o:gl-inet:b1300_firmware:4.3.17:::::::* cpe:2.3:o:gl-inet:b3000_firmware:4.5.18:::::::* cpe:2.3:o:gl-inet:e750_firmware:4.3.17:::::::* cpe:2.3:o:gl-inet:mt1300_firmware:4.3.18:::::::* cpe:2.3:o:gl-inet:mt2500_firmware:::::::: cpe:2.3:o:gl-inet:mt3000_firmware:::::::: cpe:2.3:o:gl-inet:mt300n-v2_firmware:4.3.17:::::::* cpe:2.3:o:gl-inet:mt6000_firmware:4.6.2:::::::* cpe:2.3:o:gl-inet:sft1200_firmware:4.3.18:::::::* cpe:2.3:o:gl-inet:x3000_firmware:4.4.9:::::::* cpe:2.3:o:gl-inet:x300b_firmware:4.5.17:::::::* cpe:2.3:o:gl-inet:x750_firmware:4.3.18:::::::* cpe:2.3:o:gl-inet:xe3000_firmware:4.4.9:::::::* cpe:2.3:o:gl-inet:xe300_firmware:4.3.17:::::::*
Vendors & Products		Gl-inet a1300 Gl-inet a1300 Firmware Gl-inet ar300m Gl-inet ar300m16 Gl-inet ar300m16 Firmware Gl-inet ar300m Firmware Gl-inet ar750 Gl-inet ar750 Firmware Gl-inet ar750s Gl-inet ar750s Firmware Gl-inet ax1800 Gl-inet ax1800 Firmware Gl-inet axt1800 Gl-inet axt1800 Firmware Gl-inet b1300 Gl-inet b1300 Firmware Gl-inet b3000 Gl-inet b3000 Firmware Gl-inet e750 Gl-inet e750 Firmware Gl-inet gl-mt3000 Gl-inet mt1300 Gl-inet mt1300 Firmware Gl-inet mt2500 Gl-inet mt2500 Firmware Gl-inet mt3000 Firmware Gl-inet mt300n-v2 Gl-inet mt300n-v2 Firmware Gl-inet mt6000 Gl-inet mt6000 Firmware Gl-inet sft1200 Gl-inet sft1200 Firmware Gl-inet x3000 Gl-inet x3000 Firmware Gl-inet x300b Gl-inet x300b Firmware Gl-inet x750 Gl-inet x750 Firmware Gl-inet xe300 Gl-inet xe3000 Gl-inet xe3000 Firmware Gl-inet xe300 Firmware

Mon, 28 Oct 2024 19:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Gl-inet Gl-inet gl-a1300 Firmware Gl-inet gl-ar300m16 Firmware Gl-inet gl-ar300m Firmware Gl-inet gl-ar750 Firmware Gl-inet gl-ar750s Firmware Gl-inet gl-ax1800 Firmware Gl-inet gl-axt1800 Firmware Gl-inet gl-b1300 Firmware Gl-inet gl-b3000 Firmware Gl-inet gl-e750 Firmware Gl-inet gl-mt1300 Firmware Gl-inet gl-mt2500 Firmware Gl-inet gl-mt3000 Firmware Gl-inet gl-mt300n-v2 Firmware Gl-inet gl-mt6000 Firmware Gl-inet gl-sft1200 Firmware Gl-inet gl-x3000 Firmware Gl-inet gl-x300b Firmware Gl-inet gl-x750 Firmware Gl-inet gl-xe300 Firmware
Weaknesses		CWE-434
CPEs		cpe:2.3:o:gl-inet:gl-a1300_firmware:-:::::::* cpe:2.3:o:gl-inet:gl-ar300m16_firmware:::::::: cpe:2.3:o:gl-inet:gl-ar300m_firmware:-:::::::* cpe:2.3:o:gl-inet:gl-ar750_firmware:-:::::::* cpe:2.3:o:gl-inet:gl-ar750s_firmware:-:::::::* cpe:2.3:o:gl-inet:gl-ax1800_firmware:::::::: cpe:2.3:o:gl-inet:gl-axt1800_firmware:-:::::::* cpe:2.3:o:gl-inet:gl-b1300_firmware:-:::::::* cpe:2.3:o:gl-inet:gl-b3000_firmware:::::::: cpe:2.3:o:gl-inet:gl-e750_firmware:-:::::::* cpe:2.3:o:gl-inet:gl-mt1300_firmware:-:::::::* cpe:2.3:o:gl-inet:gl-mt2500_firmware:-:::::::* cpe:2.3:o:gl-inet:gl-mt3000_firmware:-:::::::* cpe:2.3:o:gl-inet:gl-mt300n-v2_firmware:-:::::::* cpe:2.3:o:gl-inet:gl-mt6000_firmware:::::::: cpe:2.3:o:gl-inet:gl-sft1200_firmware:-:::::::* cpe:2.3:o:gl-inet:gl-x3000_firmware:-:::::::* cpe:2.3:o:gl-inet:gl-x300b_firmware:-:::::::* cpe:2.3:o:gl-inet:gl-x750_firmware:-:::::::* cpe:2.3:o:gl-inet:gl-xe300_firmware:-:::::::*
Vendors & Products		Gl-inet Gl-inet gl-a1300 Firmware Gl-inet gl-ar300m16 Firmware Gl-inet gl-ar300m Firmware Gl-inet gl-ar750 Firmware Gl-inet gl-ar750s Firmware Gl-inet gl-ax1800 Firmware Gl-inet gl-axt1800 Firmware Gl-inet gl-b1300 Firmware Gl-inet gl-b3000 Firmware Gl-inet gl-e750 Firmware Gl-inet gl-mt1300 Firmware Gl-inet gl-mt2500 Firmware Gl-inet gl-mt3000 Firmware Gl-inet gl-mt300n-v2 Firmware Gl-inet gl-mt6000 Firmware Gl-inet gl-sft1200 Firmware Gl-inet gl-x3000 Firmware Gl-inet gl-x300b Firmware Gl-inet gl-x750 Firmware Gl-inet gl-xe300 Firmware
Metrics		cvssV3_1 `{'score': 8.8, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Thu, 24 Oct 2024 20:30:00 +0000

Type	Values Removed	Values Added
Description		An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. The upload interface allows the uploading of arbitrary files to the device. Once the device executes the files, it can lead to information leakage, enabling complete control.
References		https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Arbitrary%20File%20Upload%20to%20ovpn_upload%20via%20Upload%20Interface.md

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2024-10-24T00:00:00

Updated: 2024-10-28T18:52:30.245Z

Reserved: 2024-08-25T00:00:00

Link: CVE-2024-45263

Vulnrichment

Updated: 2024-10-28T18:45:06.617Z

NVD

Status : Analyzed

Published: 2024-10-24T21:15:12.217

Modified: 2025-09-29T15:02:17.183

Link: CVE-2024-45263

Redhat

No data.

OpenCVE Enrichment

No data.

Metrics

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object