CVE-2024-45261

{"id": "CVE-2024-45261", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.0, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.1}]}, "published": "2024-10-24T21:15:12.057", "references": [{"url": "https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Bypassing%20Login%20Mechanism%20with%20Passwordless%20User%20Login.md", "source": "cve@mitre.org"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-863"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. The SID generated for a specific user is not tied to that user itself, which allows other users to potentially use it for authentication. Once an attacker bypasses the application's authentication procedures, they can generate a valid SID, escalate privileges, and gain full control."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en ciertos dispositivos GL-iNet, incluidos MT6000, MT3000, MT2500, AXT1800 y AX1800 4.6.2. El SID generado para un usuario espec\u00edfico no est\u00e1 vinculado a ese usuario en s\u00ed, lo que permite que otros usuarios lo utilicen potencialmente para la autenticaci\u00f3n. Una vez que un atacante elude los procedimientos de autenticaci\u00f3n de la aplicaci\u00f3n, puede generar un SID v\u00e1lido, escalar privilegios y obtener el control total."}], "lastModified": "2024-10-28T20:35:15.213", "sourceIdentifier": "cve@mitre.org"}