{"id": "CVE-2024-45263", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2024-10-24T21:15:12.217", "references": [{"url": "https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Arbitrary%20File%20Upload%20to%20ovpn_upload%20via%20Upload%20Interface.md", "tags": ["Third Party Advisory", "Issue Tracking"], "source": "
[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-434"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. The upload interface allows the uploading of arbitrary files to the device. Once the device executes the files, it can lead to information leakage, enabling complete control."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en ciertos dispositivos GL-iNet, incluidos MT6000, MT3000, MT2500, AXT1800 y AX1800 4.6.2. La interfaz de carga permite cargar archivos arbitrarios al dispositivo. Una vez que el dispositivo ejecuta los archivos, puede provocar una fuga de informaci\u00f3n, lo que permite un control total."}], "lastModified": "2025-09-29T15:02:17.183", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:gl-inet:mt6000_firmware:4.6.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E548391D-3E1D-4A8C-8F7C-8740EAD5CB9E"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:gl-inet:mt6000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "CCDE99A6-DA15-4E4B-8C60-CCB9D580BD82"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:gl-inet:mt3000_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "02F67B09-8A97-4235-BBFC-24B72C2F8B1F", "versionEndExcluding": "4.6.4", "versionStartIncluding": "4.6.2"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:gl-inet:gl-mt3000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "4D832083-488B-40F2-8D7A-66E917DF67F9"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:gl-inet:mt2500_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A8537E0A-8726-4355-AA99-06445A43D4D5", "versionEndExcluding": "4.6.4", "versionStartIncluding": "4.6.2"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:gl-inet:mt2500:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3ADF5BF3-0F52-4947-8BC2-3505EDEEDF28"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:gl-inet:axt1800_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4607385A-CD71-4809-A143-EE2E9DE0F69A", "versionEndExcluding": "4.6.4", "versionStartIncluding": "4.6.2"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:gl-inet:axt1800:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "FF453954-BC32-4577-8CE4-066812193495"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:gl-inet:ax1800_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "81DEAE12-BC9B-40C5-9D51-25A478670A73", "versionEndExcluding": "4.6.4", "versionStartIncluding": "4.6.2"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:gl-inet:ax1800:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "BCB312FD-370C-4DF9-961F-F0C4920AA368"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:gl-inet:b3000_firmware:4.5.18:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "38EDCC99-D442-4FC5-B9DC-5CF38B6EE1FA"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:gl-inet:b3000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "4EA9AD80-5B5E-4736-9146-5F58212D2988"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:gl-inet:a1300_firmware:4.5.17:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B48595C6-E07A-4E74-B695-D6D679B6A3ED"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:gl-inet:a1300:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D6DBF472-E98E-4E00-B6A0-6D8FA1678AEA"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:gl-inet:x300b_firmware:4.5.17:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B3FAB581-A524-4521-A293-84DD106543C5"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:gl-inet:x300b:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B2AA4BAC-C6D1-42C0-94E9-5B05AC24A235"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:gl-inet:x3000_firmware:4.4.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F075420C-AD43-475E-8398-114AAA4002EE"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:gl-inet:x3000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9479FFAA-9C87-4530-884D-B96055A3D41C"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:gl-inet:xe3000_firmware:4.4.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "998569E6-B905-4195-B333-FFFB255EA1FC"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:gl-inet:xe3000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "265EDD5D-B879-4E8A-A6DE-400BC6273A41"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:gl-inet:x750_firmware:4.3.18:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A48B5B4A-D6E1-478C-B983-FFD1AC9AA4F0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:gl-inet:x750:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3D1EDFF0-F67C-4801-815C-309940BD7338"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:gl-inet:sft1200_firmware:4.3.18:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "334563F9-7746-48A4-9E37-0AF55F44DC6A"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:gl-inet:sft1200:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E656351D-E06E-435F-B1E5-34B89FD8B54B"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:gl-inet:mt1300_firmware:4.3.18:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "744B2B01-1F28-429F-A898-056470D0DFE1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:gl-inet:mt1300:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5CECA41F-E807-4234-8C41-477DE132210E"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:gl-inet:e750_firmware:4.3.17:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "64F877D5-D386-4390-8B32-E7110C6E7463"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:gl-inet:e750:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2D3590B0-7F4B-49C2-BE77-57AD27A91018"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:gl-inet:xe300_firmware:4.3.17:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8CE85DAF-B5ED-4D5B-A009-BC7FA2AD0F92"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:gl-inet:xe300:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "57D82B62-F057-42A4-8530-86145AE91AC2"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:gl-inet:ar750_firmware:4.3.17:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E5BC42BD-03FA-45C1-A7D9-BA9DBE68B7A4"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:gl-inet:ar750:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "749A6936-392E-430C-ABD3-33D4C5B3D178"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:gl-inet:ar750s_firmware:4.3.17:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1406DB81-E531-4648-B427-AB98793BC76A"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:gl-inet:ar750s:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F18E5F1D-55CD-4F6A-A349-90DD27B29955"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:gl-inet:ar300m_firmware:4.3.17:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EB18BA54-1E3A-42DE-A4BD-07A96CE04663"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:gl-inet:ar300m:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F040AC86-5D7A-4E57-B272-A425DDDE1698"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:gl-inet:ar300m16_firmware:4.3.17:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C6BD86A8-D5BA-41D8-BA9F-7228DE2C86F5"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:gl-inet:ar300m16:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "FA3E349B-C40F-4DE6-B977-CF677B2F9814"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:gl-inet:b1300_firmware:4.3.17:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "425AB7BB-4BFC-463F-A0B8-9B1CC7A47FAD"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:gl-inet:b1300:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A47EFE3F-D217-469E-BEE6-5D78037C71C3"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:gl-inet:mt300n-v2_firmware:4.3.17:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "32494D06-2D09-4A26-B9AF-69F0682638D9"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:gl-inet:mt300n-v2:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "797DD304-0AF8-4E2C-8F72-ADF31B8AD6F4"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "
[email protected]"}
