An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. The upload interface allows the uploading of arbitrary files to the device. Once the device executes the files, it can lead to information leakage, enabling complete control.
Metrics
Affected Vendors & Products
| Vendors | Products |
|---|---|
| Gl-inet |
|
No data.
No data.
References
History
Mon, 28 Oct 2024 19:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Gl-inet
Gl-inet gl-a1300 Firmware Gl-inet gl-ar300m16 Firmware Gl-inet gl-ar300m Firmware Gl-inet gl-ar750 Firmware Gl-inet gl-ar750s Firmware Gl-inet gl-ax1800 Firmware Gl-inet gl-axt1800 Firmware Gl-inet gl-b1300 Firmware Gl-inet gl-b3000 Firmware Gl-inet gl-e750 Firmware Gl-inet gl-mt1300 Firmware Gl-inet gl-mt2500 Firmware Gl-inet gl-mt3000 Firmware Gl-inet gl-mt300n-v2 Firmware Gl-inet gl-mt6000 Firmware Gl-inet gl-sft1200 Firmware Gl-inet gl-x3000 Firmware Gl-inet gl-x300b Firmware Gl-inet gl-x750 Firmware Gl-inet gl-xe300 Firmware |
|
| Weaknesses | CWE-434 | |
| CPEs | cpe:2.3:o:gl-inet:gl-a1300_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:gl-inet:gl-ar300m16_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:gl-inet:gl-ar300m_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:gl-inet:gl-ar750_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:gl-inet:gl-ar750s_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:gl-inet:gl-ax1800_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:gl-inet:gl-axt1800_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:gl-inet:gl-b1300_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:gl-inet:gl-b3000_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:gl-inet:gl-e750_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:gl-inet:gl-mt1300_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:gl-inet:gl-mt2500_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:gl-inet:gl-mt3000_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:gl-inet:gl-mt300n-v2_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:gl-inet:gl-mt6000_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:gl-inet:gl-sft1200_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:gl-inet:gl-x3000_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:gl-inet:gl-x300b_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:gl-inet:gl-x750_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:gl-inet:gl-xe300_firmware:-:*:*:*:*:*:*:* |
|
| Vendors & Products |
Gl-inet
Gl-inet gl-a1300 Firmware Gl-inet gl-ar300m16 Firmware Gl-inet gl-ar300m Firmware Gl-inet gl-ar750 Firmware Gl-inet gl-ar750s Firmware Gl-inet gl-ax1800 Firmware Gl-inet gl-axt1800 Firmware Gl-inet gl-b1300 Firmware Gl-inet gl-b3000 Firmware Gl-inet gl-e750 Firmware Gl-inet gl-mt1300 Firmware Gl-inet gl-mt2500 Firmware Gl-inet gl-mt3000 Firmware Gl-inet gl-mt300n-v2 Firmware Gl-inet gl-mt6000 Firmware Gl-inet gl-sft1200 Firmware Gl-inet gl-x3000 Firmware Gl-inet gl-x300b Firmware Gl-inet gl-x750 Firmware Gl-inet gl-xe300 Firmware |
|
| Metrics |
cvssV3_1
|
Thu, 24 Oct 2024 20:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. The upload interface allows the uploading of arbitrary files to the device. Once the device executes the files, it can lead to information leakage, enabling complete control. | |
| References |
|
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2024-10-24T00:00:00
Updated: 2024-10-28T18:52:30.245Z
Reserved: 2024-08-25T00:00:00
Link: CVE-2024-45263
Vulnrichment
Updated: 2024-10-28T18:45:06.617Z
NVD
Status : Awaiting Analysis
Published: 2024-10-24T21:15:12.217
Modified: 2024-10-28T19:35:27.243
Link: CVE-2024-45263
Redhat
No data.