Vulnerability Details CVE-2024-45263
An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. The upload interface allows the uploading of arbitrary files to the device. Once the device executes the files, it can lead to information leakage, enabling complete control.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 20.9%
CVSS Severity
CVSS v3 Score 8.8
Products affected by CVE-2024-45263
-
cpe:2.3:h:gl-inet:a1300:-
-
cpe:2.3:h:gl-inet:ar300m16:-
-
cpe:2.3:h:gl-inet:ar300m:-
-
cpe:2.3:h:gl-inet:ar750:-
-
cpe:2.3:h:gl-inet:ar750s:-
-
cpe:2.3:h:gl-inet:ax1800:-
-
cpe:2.3:h:gl-inet:axt1800:-
-
cpe:2.3:h:gl-inet:b1300:-
-
cpe:2.3:h:gl-inet:b3000:-
-
cpe:2.3:h:gl-inet:e750:-
-
cpe:2.3:h:gl-inet:gl-mt3000:-
-
cpe:2.3:h:gl-inet:mt1300:-
-
cpe:2.3:h:gl-inet:mt2500:-
-
cpe:2.3:h:gl-inet:mt300n-v2:-
-
cpe:2.3:h:gl-inet:mt6000:-
-
cpe:2.3:h:gl-inet:sft1200:-
-
cpe:2.3:h:gl-inet:x3000:-
-
cpe:2.3:h:gl-inet:x300b:-
-
cpe:2.3:h:gl-inet:x750:-
-
cpe:2.3:h:gl-inet:xe3000:-
-
cpe:2.3:h:gl-inet:xe300:-
-
cpe:2.3:o:gl-inet:a1300_firmware:4.5.17
-
cpe:2.3:o:gl-inet:ar300m16_firmware:4.3.17
-
cpe:2.3:o:gl-inet:ar300m_firmware:4.3.17
-
cpe:2.3:o:gl-inet:ar750_firmware:4.3.17
-
cpe:2.3:o:gl-inet:ar750s_firmware:4.3.17
-
cpe:2.3:o:gl-inet:ax1800_firmware:4.6.2
-
cpe:2.3:o:gl-inet:axt1800_firmware:4.6.2
-
cpe:2.3:o:gl-inet:b1300_firmware:4.3.17
-
cpe:2.3:o:gl-inet:b3000_firmware:4.5.18
-
cpe:2.3:o:gl-inet:e750_firmware:4.3.17
-
cpe:2.3:o:gl-inet:mt1300_firmware:4.3.18
-
cpe:2.3:o:gl-inet:mt2500_firmware:4.6.2
-
cpe:2.3:o:gl-inet:mt3000_firmware:4.6.2
-
cpe:2.3:o:gl-inet:mt300n-v2_firmware:4.3.17
-
cpe:2.3:o:gl-inet:mt6000_firmware:4.6.2
-
cpe:2.3:o:gl-inet:sft1200_firmware:4.3.18
-
cpe:2.3:o:gl-inet:x3000_firmware:4.4.9
-
cpe:2.3:o:gl-inet:x300b_firmware:4.5.17
-
cpe:2.3:o:gl-inet:x750_firmware:4.3.18
-
cpe:2.3:o:gl-inet:xe3000_firmware:4.4.9
-
cpe:2.3:o:gl-inet:xe300_firmware:4.3.17