What is the severity of CVE-2024-45263?

CVE-2024-45263 is considered a high-severity vulnerability due to the potential for remote code execution and information leakage.

How can I mitigate CVE-2024-45263?

Mitigation for CVE-2024-45263 includes restricting access to the upload interface and applying firmware updates that address this issue.

Which devices are affected by CVE-2024-45263?

CVE-2024-45263 affects GL-iNet devices, specifically MT6000, MT3000, MT2500, AXT1800, and AX1800 models.

What types of attacks can CVE-2024-45263 enable?

CVE-2024-45263 could enable attackers to execute arbitrary files, leading to unauthorized access and complete control over the affected device.

Is there a known fix for CVE-2024-45263?

Yes, the vendor has released updated firmware to address the vulnerabilities associated with CVE-2024-45263, which should be installed immediately.

Vulnerability/
CVE-2024-45263

high

8.8

CWE

434

24/10/2024

28/10/2024

CVE-2024-45263: Malicious File Upload

First published: Thu Oct 24 2024(Updated: )

An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. The upload interface allows the uploading of arbitrary files to the device. Once the device executes the files, it can lead to information leakage, enabling complete control.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
GL.iNet MT6000
GL.iNet MT3000 Firmware
GL.iNet MT2500 firmware
GL-iNet AXT1800 firmware
GL.iNet GL-AX1800

Never miss a vulnerability like this again

Reference Links

https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Arbitrary%20File%20Upload%20to%20ovpn_upload%20via%20Upload%20Interface.md

Frequently Asked Questions

What is the severity of CVE-2024-45263?
CVE-2024-45263 is considered a high-severity vulnerability due to the potential for remote code execution and information leakage.
How can I mitigate CVE-2024-45263?
Mitigation for CVE-2024-45263 includes restricting access to the upload interface and applying firmware updates that address this issue.
Which devices are affected by CVE-2024-45263?
CVE-2024-45263 affects GL-iNet devices, specifically MT6000, MT3000, MT2500, AXT1800, and AX1800 models.
What types of attacks can CVE-2024-45263 enable?
CVE-2024-45263 could enable attackers to execute arbitrary files, leading to unauthorized access and complete control over the affected device.
Is there a known fix for CVE-2024-45263?
Yes, the vendor has released updated firmware to address the vulnerabilities associated with CVE-2024-45263, which should be installed immediately.

agent/references
agent/type
agent/description
agent/first-publish-date
agent/author
collector/nvd-api
source/NVD
agent/severity
agent/last-modified-date
agent/weakness
agent/event
collector/mitre-cve
source/MITRE
agent/source
agent/softwarecombine
agent/tags
agent/guess-ai
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/gl-inet
canonical/gl.inet mt6000
canonical/gl.inet mt3000 firmware
canonical/gl.inet mt2500 firmware
canonical/gl-inet axt1800 firmware
canonical/gl.inet gl-ax1800

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.