CVE-2024-45259

Exploit

EPSS 0.03%
Veröffentlicht 24.10.2024 20:15:04
Zuletzt bearbeitet 15.10.2025 17:55:27
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. By intercepting an HTTP request and changing the filename property in the download interface, any file on the device can be deleted.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Gl-inet ≫ Mt3000 Firmware Version4.6.2

Gl-inet ≫ Gl-mt3000 Version-

Gl-inet ≫ Mt2500 Firmware Version >= 4.6.2 < 4.6.4

Gl-inet ≫ Mt2500 Version-

Gl-inet ≫ Axt1800 Firmware Version >= 4.6.2 < 4.6.4

Gl-inet ≫ Axt1800 Version-

Gl-inet ≫ Ax1800 Firmware Version >= 4.6.2 < 4.6.4

Gl-inet ≫ Ax1800 Version-

Gl-inet ≫ B3000 Firmware Version4.5.18

Gl-inet ≫ B3000 Version-

Gl-inet ≫ A1300 Firmware Version4.5.17

Gl-inet ≫ A1300 Version-

Gl-inet ≫ X300b Firmware Version4.5.17

Gl-inet ≫ X300b Version-

Gl-inet ≫ X3000 Firmware Version4.4.9

Gl-inet ≫ X3000 Version-

Gl-inet ≫ Xe3000 Firmware Version4.4.9

Gl-inet ≫ Xe3000 Version-

Gl-inet ≫ X750 Firmware Version4.3.18

Gl-inet ≫ X750 Version-

Gl-inet ≫ Sft1200 Firmware Version4.3.18

Gl-inet ≫ Sft1200 Version-

Gl-inet ≫ Mt1300 Firmware Version4.3.18

Gl-inet ≫ Mt1300 Version-

Gl-inet ≫ E750 Firmware Version4.3.17

Gl-inet ≫ E750 Version-

Gl-inet ≫ Xe300 Firmware Version4.3.17

Gl-inet ≫ Xe300 Version-

Gl-inet ≫ Ar750 Firmware Version4.3.17

Gl-inet ≫ Ar750 Version-

Gl-inet ≫ Ar750s Firmware Version4.3.17

Gl-inet ≫ Ar750s Version-

Gl-inet ≫ Ar300m Firmware Version4.3.17

Gl-inet ≫ Ar300m Version-

Gl-inet ≫ Ar300m16 Firmware Version4.3.17

Gl-inet ≫ Ar300m16 Version-

Gl-inet ≫ Mt300n-v2 Firmware Version4.3.17

Gl-inet ≫ Mt300n-v2 Version-

Gl-inet ≫ B1300 Firmware Version4.3.17

Gl-inet ≫ B1300 Version-

Gl-inet ≫ Mt6000 Firmware Version4.6.2

Gl-inet ≫ Mt6000 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.068

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	6.5	2.8	3.6	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE-326 Inadequate Encryption Strength

The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.

https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Delete%20Any%20File%20via%20Download%20Interface.md

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2024-45259

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-45259

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-45259

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-45259