CVE-2024-45263

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-45263
An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. The upload interface allows the uploading of arbitrary files to the device. Once the device executes the files, it can lead to information leakage, enabling complete control.

8.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Arbitrary%20File%20Upload%20to%20ovpn_upload%20via%20Upload%20Interface.md
Configurations

No configuration.

History

28 Oct 2024, 19:35

Type Values Removed Values Added
CWE CWE-434
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 8.8

25 Oct 2024, 12:56

Type Values Removed Values Added
Summary
  • (es) Se descubriĆ³ un problema en ciertos dispositivos GL-iNet, incluidos MT6000, MT3000, MT2500, AXT1800 y AX1800 4.6.2. La interfaz de carga permite cargar archivos arbitrarios al dispositivo. Una vez que el dispositivo ejecuta los archivos, puede provocar una fuga de informaciĆ³n, lo que permite un control total.

24 Oct 2024, 21:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-10-24 21:15

Updated : 2024-10-28 19:35

NVD link : CVE-2024-45263

Mitre link : CVE-2024-45263

CVE.ORG link : CVE-2024-45263

JSON object : View

Products Affected

No product.

CWE
CWE-434

Unrestricted Upload of File with Dangerous Type


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024