CVE-2024-45260
Last modified
CVE-2024-45260 is a high-severity vulnerability rated 8/10 on the CVSS scale. An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. Users who belong to unauthorized groups can invoke any interface of the device, thereby gaining complete control over it.. EPSS estimates a 3.87% chance of exploitation in the next 30 days.
Description
An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. Users who belong to unauthorized groups can invoke any interface of the device, thereby gaining complete control over it.
Metrics
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Gl-Inet | Mt6000 Firmware | 4.6.2 |
| Gl-Inet | B1300 Firmware | 4.3.17 |
| Gl-Inet | Mt2500 Firmware | >= 4.6.2, < 4.6.4 |
| Gl-Inet | Axt1800 Firmware | >= 4.6.2, < 4.6.4 |
| Gl-Inet | Ax1800 Firmware | >= 4.6.2, < 4.6.4 |
| Gl-Inet | B3000 Firmware | 4.5.18 |
| Gl-Inet | A1300 Firmware | 4.5.17 |
| Gl-Inet | X300b Firmware | 4.5.17 |
| Gl-Inet | X3000 Firmware | 4.4.9 |
| Gl-Inet | Xe3000 Firmware | 4.4.9 |
| Gl-Inet | X750 Firmware | 4.3.18 |
| Gl-Inet | Sft1200 Firmware | 4.3.18 |
| Gl-Inet | Mt1300 Firmware | 4.3.18 |
| Gl-Inet | E750 Firmware | 4.3.17 |
| Gl-Inet | Xe300 Firmware | 4.3.17 |
| Gl-Inet | Ar750 Firmware | 4.3.17 |
| Gl-Inet | Ar750s Firmware | 4.3.17 |
| Gl-Inet | Ar300m Firmware | 4.3.17 |
| Gl-Inet | Mt300n-V2 Firmware | 4.3.17 |
| Gl-Inet | Mt3000 Firmware | 4.6.2 |
| Gl-Inet | Ar300m16 Firmware | 4.3.17 |
References
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2024-45260?
How severe is CVE-2024-45260?
How do I fix CVE-2024-45260?
Are you affected by CVE-2024-45260?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST