CVE-2024-45260
8.0
Vector
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.1 / Impact: 5.9
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)
Description
An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. Users who belong to unauthorized groups can invoke any interface of the device, thereby gaining complete control over it.
Affected (21)
Products: Gl Inet: Mt6000 Firmware, B1300 Firmware, Mt2500 Firmware, Axt1800 Firmware, Ax1800 Firmware, B3000 Firmware, A1300 Firmware, X300b Firmware, X3000 Firmware, Xe3000 Firmware, X750 Firmware, Sft1200 Firmware, Mt1300 Firmware, E750 Firmware, Xe300 Firmware, Ar750 Firmware, Ar750s Firmware, Ar300m Firmware, Mt300n V2 Firmware, Mt3000 Firmware, Ar300m16 Firmware
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Version 4.6.2 | |
| Version 4.3.17 |
| Running on/with | Platform Versions |
|---|---|
Gl Inet Mt6000 | All versions |
Gl Inet B1300 | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| From 4.6.2 to 4.6.4 |
| Running on/with | Platform Versions |
|---|---|
Gl Inet Mt2500 | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| From 4.6.2 to 4.6.4 |
| Running on/with | Platform Versions |
|---|---|
Gl Inet Axt1800 | All versions |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| From 4.6.2 to 4.6.4 |
| Running on/with | Platform Versions |
|---|---|
Gl Inet Ax1800 | All versions |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| Version 4.5.18 |
| Running on/with | Platform Versions |
|---|---|
Gl Inet B3000 | All versions |
Configuration F
| Vulnerable Software | Affected Versions |
|---|---|
| Version 4.5.17 |
| Running on/with | Platform Versions |
|---|---|
Gl Inet A1300 | All versions |
Configuration G
| Vulnerable Software | Affected Versions |
|---|---|
| Version 4.5.17 |
| Running on/with | Platform Versions |
|---|---|
Gl Inet X300b | All versions |
Configuration H
| Vulnerable Software | Affected Versions |
|---|---|
| Version 4.4.9 |
| Running on/with | Platform Versions |
|---|---|
Gl Inet X3000 | All versions |
Configuration I
| Vulnerable Software | Affected Versions |
|---|---|
| Version 4.4.9 |
| Running on/with | Platform Versions |
|---|---|
Gl Inet Xe3000 | All versions |
Configuration J
| Vulnerable Software | Affected Versions |
|---|---|
| Version 4.3.18 |
| Running on/with | Platform Versions |
|---|---|
Gl Inet X750 | All versions |
Configuration K
| Vulnerable Software | Affected Versions |
|---|---|
| Version 4.3.18 |
| Running on/with | Platform Versions |
|---|---|
Gl Inet Sft1200 | All versions |
Configuration L
| Vulnerable Software | Affected Versions |
|---|---|
| Version 4.3.18 |
| Running on/with | Platform Versions |
|---|---|
Gl Inet Mt1300 | All versions |
Configuration M
| Vulnerable Software | Affected Versions |
|---|---|
| Version 4.3.17 |
| Running on/with | Platform Versions |
|---|---|
Gl Inet E750 | All versions |
Configuration N
| Vulnerable Software | Affected Versions |
|---|---|
| Version 4.3.17 |
| Running on/with | Platform Versions |
|---|---|
Gl Inet Xe300 | All versions |
Configuration O
| Vulnerable Software | Affected Versions |
|---|---|
| Version 4.3.17 |
| Running on/with | Platform Versions |
|---|---|
Gl Inet Ar750 | All versions |
Configuration P
| Vulnerable Software | Affected Versions |
|---|---|
| Version 4.3.17 |
| Running on/with | Platform Versions |
|---|---|
Gl Inet Ar750s | All versions |
Configuration Q
| Vulnerable Software | Affected Versions |
|---|---|
| Version 4.3.17 |
| Running on/with | Platform Versions |
|---|---|
Gl Inet Ar300m | All versions |
Configuration R
| Vulnerable Software | Affected Versions |
|---|---|
| Version 4.3.17 |
| Running on/with | Platform Versions |
|---|---|
Gl Inet Mt300n V2 | All versions |
Configuration S
| Vulnerable Software | Affected Versions |
|---|---|
| Version 4.6.2 |
| Running on/with | Platform Versions |
|---|---|
Gl Inet Gl Mt3000 | All versions |
Configuration T
| Vulnerable Software | Affected Versions |
|---|---|
| Version 4.3.17 |
| Running on/with | Platform Versions |
|---|---|
Gl Inet Ar300m16 | All versions |
References (1)
Source: cve@mitre.org
ExploitThird Party Advisory
Timeline
No history available yet.