8.8

CVE-2024-45263

EPSS 0.06%
Veröffentlicht 24.10.2024 21:15:12
Zuletzt bearbeitet 29.09.2025 15:02:17
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. The upload interface allows the uploading of arbitrary files to the device. Once the device executes the files, it can lead to information leakage, enabling complete control.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Gl-inet ≫ Mt6000 Firmware Version4.6.2

Gl-inet ≫ Mt6000 Version-

Gl-inet ≫ Mt3000 Firmware Version >= 4.6.2 < 4.6.4

Gl-inet ≫ Gl-mt3000 Version-

Gl-inet ≫ Mt2500 Firmware Version >= 4.6.2 < 4.6.4

Gl-inet ≫ Mt2500 Version-

Gl-inet ≫ Axt1800 Firmware Version >= 4.6.2 < 4.6.4

Gl-inet ≫ Axt1800 Version-

Gl-inet ≫ Ax1800 Firmware Version >= 4.6.2 < 4.6.4

Gl-inet ≫ Ax1800 Version-

Gl-inet ≫ B3000 Firmware Version4.5.18

Gl-inet ≫ B3000 Version-

Gl-inet ≫ A1300 Firmware Version4.5.17

Gl-inet ≫ A1300 Version-

Gl-inet ≫ X300b Firmware Version4.5.17

Gl-inet ≫ X300b Version-

Gl-inet ≫ X3000 Firmware Version4.4.9

Gl-inet ≫ X3000 Version-

Gl-inet ≫ Xe3000 Firmware Version4.4.9

Gl-inet ≫ Xe3000 Version-

Gl-inet ≫ X750 Firmware Version4.3.18

Gl-inet ≫ X750 Version-

Gl-inet ≫ Sft1200 Firmware Version4.3.18

Gl-inet ≫ Sft1200 Version-

Gl-inet ≫ Mt1300 Firmware Version4.3.18

Gl-inet ≫ Mt1300 Version-

Gl-inet ≫ E750 Firmware Version4.3.17

Gl-inet ≫ E750 Version-

Gl-inet ≫ Xe300 Firmware Version4.3.17

Gl-inet ≫ Xe300 Version-

Gl-inet ≫ Ar750 Firmware Version4.3.17

Gl-inet ≫ Ar750 Version-

Gl-inet ≫ Ar750s Firmware Version4.3.17

Gl-inet ≫ Ar750s Version-

Gl-inet ≫ Ar300m Firmware Version4.3.17

Gl-inet ≫ Ar300m Version-

Gl-inet ≫ Ar300m16 Firmware Version4.3.17

Gl-inet ≫ Ar300m16 Version-

Gl-inet ≫ B1300 Firmware Version4.3.17

Gl-inet ≫ B1300 Version-

Gl-inet ≫ Mt300n-v2 Firmware Version4.3.17

Gl-inet ≫ Mt300n-v2 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.06%	0.183

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	8.8	2.8	5.9	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-434 Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Arbitrary%20File%20Upload%20to%20ovpn_upload%20via%20Upload%20Interface.md

Third Party Advisory

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2024-45263

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-45263

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-45263

EUVD