    10 vulnerabilities found for b3000_firmware by gl-inet

    CVE-2024-45263 (GCVE-0-2024-45263)

    Vulnerability from nvd – Published: 2024-10-24 00:00 – Updated: 2024-10-28 18:52
    Summary
    An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. The upload interface allows the uploading of arbitrary files to the device. Once the device executes the files, it can lead to information leakage, enabling complete control.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-434 - Unrestricted Upload of File with Dangerous Type
    Assigner
    Impacted products
    Vendor Product Version
    gl-inet gl-b3000_firmware Affected: 4.5.18 , < 4.5.19 (custom)
        cpe:2.3:o:gl-inet:gl-b3000_firmware:*:*:*:*:*:*:*:*
    gl-inet gl-mt6000_firmware Affected: 4.6.2 , < 4.6.4 (custom)
        cpe:2.3:o:gl-inet:gl-ax1800_firmware:*:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-axt1800_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-mt2500_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-mt3000_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-mt6000_firmware:*:*:*:*:*:*:*:*
    gl-inet gl-x300b_firmware Affected: 4.5.17 , < 4.5.18 (custom)
        cpe:2.3:o:gl-inet:gl-a1300_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-x300b_firmware:-:*:*:*:*:*:*:*
    gl-inet gl-xe300_firmware Affected: 4.4.9 , < 4.4.10 (custom)
        cpe:2.3:o:gl-inet:gl-x3000_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-xe300_firmware:-:*:*:*:*:*:*:*
    gl-inet gl-x750_firmware Affected: 4.3.18 , < 4.3.19 (custom)
        cpe:2.3:o:gl-inet:gl-mt1300_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-sft1200_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-x750_firmware:-:*:*:*:*:*:*:*
    gl-inet gl-xe300_firmware Affected: 4.3.17 , < 4.3.18 (custom)
        cpe:2.3:o:gl-inet:gl-ar300m16_firmware:*:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-ar750_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-ar300m_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-ar750s_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-b1300_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-e750_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-mt300n-v2_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-xe300_firmware:-:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:gl-b3000_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-b3000_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "lessThan": "4.5.19",
                    "status": "affected",
                    "version": "4.5.18",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:gl-ax1800_firmware:*:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-axt1800_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-mt2500_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-mt3000_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-mt6000_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-mt6000_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "lessThan": "4.6.4",
                    "status": "affected",
                    "version": "4.6.2",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:gl-a1300_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-x300b_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-x300b_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "lessThan": "4.5.18",
                    "status": "affected",
                    "version": "4.5.17",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:gl-x3000_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-xe300_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-xe300_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "lessThan": "4.4.10",
                    "status": "affected",
                    "version": "4.4.9",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:gl-mt1300_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-sft1200_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-x750_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-x750_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "lessThan": "4.3.19",
                    "status": "affected",
                    "version": "4.3.18",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:gl-ar300m16_firmware:*:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-ar750_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-ar300m_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-ar750s_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-b1300_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-e750_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-mt300n-v2_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-xe300_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-xe300_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "lessThan": "4.3.18",
                    "status": "affected",
                    "version": "4.3.17",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "ADJACENT_NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-45263",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-28T18:34:32.730872Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-434",
                    "description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-28T18:52:30.245Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. The upload interface allows the uploading of arbitrary files to the device. Once the device executes the files, it can lead to information leakage, enabling complete control."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-24T20:21:28.712Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Arbitrary%20File%20Upload%20to%20ovpn_upload%20via%20Upload%20Interface.md"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2024-45263",
        "datePublished": "2024-10-24T00:00:00.000Z",
        "dateReserved": "2024-08-25T00:00:00.000Z",
        "dateUpdated": "2024-10-28T18:52:30.245Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-45262 (GCVE-0-2024-45262)

    Vulnerability from nvd – Published: 2024-10-24 00:00 – Updated: 2024-10-28 19:22
    Summary
    An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. The params parameter in the call method of the /rpc endpoint is vulnerable to arbitrary directory traversal, which enables attackers to execute scripts under any path.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    Impacted products
    Vendor Product Version
    gl-inet gl-b3000_firmware Affected: 4.5.18 , < 4.5.19 (custom)
        cpe:2.3:o:gl-inet:gl-b3000_firmware:*:*:*:*:*:*:*:*
    gl-inet gl-mt6000_firmware Affected: 4.6.2 , < 4.6.4 (custom)
        cpe:2.3:o:gl-inet:gl-ax1800_firmware:*:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-axt1800_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-mt2500_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-mt3000_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-mt6000_firmware:*:*:*:*:*:*:*:*
    gl-inet gl-x300b_firmware Affected: 4.5.17 , < 4.5.18 (custom)
        cpe:2.3:o:gl-inet:gl-a1300_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-x300b_firmware:-:*:*:*:*:*:*:*
    gl-inet gl-xe300_firmware Affected: 4.4.9 , < 4.4.10 (custom)
        cpe:2.3:o:gl-inet:gl-x3000_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-xe300_firmware:-:*:*:*:*:*:*:*
    gl-inet gl-x750_firmware Affected: 4.3.18 , < 4.3.19 (custom)
        cpe:2.3:o:gl-inet:gl-mt1300_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-sft1200_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-x750_firmware:-:*:*:*:*:*:*:*
    gl-inet gl-xe300_firmware Affected: 4.3.17 , < 4.3.18 (custom)
        cpe:2.3:o:gl-inet:gl-ar300m16_firmware:*:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-ar750_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-ar300m_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-ar750s_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-b1300_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-e750_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-mt300n-v2_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-xe300_firmware:-:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:gl-b3000_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-b3000_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "lessThan": "4.5.19",
                    "status": "affected",
                    "version": "4.5.18",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:gl-ax1800_firmware:*:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-axt1800_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-mt2500_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-mt3000_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-mt6000_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-mt6000_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "lessThan": "4.6.4",
                    "status": "affected",
                    "version": "4.6.2",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:gl-a1300_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-x300b_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-x300b_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "lessThan": "4.5.18",
                    "status": "affected",
                    "version": "4.5.17",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:gl-x3000_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-xe300_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-xe300_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "lessThan": "4.4.10",
                    "status": "affected",
                    "version": "4.4.9",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:gl-mt1300_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-sft1200_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-x750_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-x750_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "lessThan": "4.3.19",
                    "status": "affected",
                    "version": "4.3.18",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:gl-ar300m16_firmware:*:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-ar750_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-ar300m_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-ar750s_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-b1300_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-e750_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-mt300n-v2_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-xe300_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-xe300_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "lessThan": "4.3.18",
                    "status": "affected",
                    "version": "4.3.17",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "ADJACENT_NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-45262",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-28T19:21:47.832625Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-22",
                    "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-28T19:22:25.505Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. The params parameter in the call method of the /rpc endpoint is vulnerable to arbitrary directory traversal, which enables attackers to execute scripts under any path."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-24T20:19:54.001Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Improper%20Pathname%20Restriction%20Leading%20to%20Path%20Traversal%20in%20Restricted%20Directories.md"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2024-45262",
        "datePublished": "2024-10-24T00:00:00.000Z",
        "dateReserved": "2024-08-25T00:00:00.000Z",
        "dateUpdated": "2024-10-28T19:22:25.505Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-45261 (GCVE-0-2024-45261)

    Vulnerability from nvd – Published: 2024-10-24 00:00 – Updated: 2024-10-28 19:19
    Summary
    An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. The SID generated for a specific user is not tied to that user itself, which allows other users to potentially use it for authentication. Once an attacker bypasses the application's authentication procedures, they can generate a valid SID, escalate privileges, and gain full control.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-863 - Incorrect Authorization
    Assigner
    Impacted products
    Vendor Product Version
    gl-inet gl-b3000_firmware Affected: 4.5.18 , < 4.5.19 (custom)
        cpe:2.3:o:gl-inet:gl-b3000_firmware:*:*:*:*:*:*:*:*
    gl-inet gl-mt6000_firmware Affected: 4.6.2 , < 4.6.4 (custom)
        cpe:2.3:o:gl-inet:gl-ax1800_firmware:*:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-axt1800_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-mt2500_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-mt3000_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-mt6000_firmware:*:*:*:*:*:*:*:*
    gl-inet gl-x300b_firmware Affected: 4.5.17 , < 4.5.18 (custom)
        cpe:2.3:o:gl-inet:gl-a1300_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-x300b_firmware:-:*:*:*:*:*:*:*
    gl-inet gl-xe300_firmware Affected: 4.4.9 , < 4.4.10 (custom)
        cpe:2.3:o:gl-inet:gl-x3000_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-xe300_firmware:-:*:*:*:*:*:*:*
    gl-inet gl-x750_firmware Affected: 4.3.18 , < 4.3.19 (custom)
        cpe:2.3:o:gl-inet:gl-mt1300_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-sft1200_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-x750_firmware:-:*:*:*:*:*:*:*
    gl-inet gl-xe300_firmware Affected: 4.3.17 , < 4.3.18 (custom)
        cpe:2.3:o:gl-inet:gl-ar300m16_firmware:*:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-ar750_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-ar300m_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-ar750s_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-b1300_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-e750_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-mt300n-v2_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-xe300_firmware:-:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:gl-b3000_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-b3000_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "lessThan": "4.5.19",
                    "status": "affected",
                    "version": "4.5.18",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:gl-ax1800_firmware:*:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-axt1800_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-mt2500_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-mt3000_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-mt6000_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-mt6000_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "lessThan": "4.6.4",
                    "status": "affected",
                    "version": "4.6.2",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:gl-a1300_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-x300b_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-x300b_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "lessThan": "4.5.18",
                    "status": "affected",
                    "version": "4.5.17",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:gl-x3000_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-xe300_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-xe300_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "lessThan": "4.4.10",
                    "status": "affected",
                    "version": "4.4.9",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:gl-mt1300_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-sft1200_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-x750_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-x750_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "lessThan": "4.3.19",
                    "status": "affected",
                    "version": "4.3.18",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:gl-ar300m16_firmware:*:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-ar750_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-ar300m_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-ar750s_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-b1300_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-e750_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-mt300n-v2_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-xe300_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-xe300_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "lessThan": "4.3.18",
                    "status": "affected",
                    "version": "4.3.17",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "ADJACENT_NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-45261",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-28T19:12:05.989024Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-863",
                    "description": "CWE-863 Incorrect Authorization",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-28T19:19:59.290Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. The SID generated for a specific user is not tied to that user itself, which allows other users to potentially use it for authentication. Once an attacker bypasses the application\u0027s authentication procedures, they can generate a valid SID, escalate privileges, and gain full control."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-24T20:18:25.796Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Bypassing%20Login%20Mechanism%20with%20Passwordless%20User%20Login.md"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2024-45261",
        "datePublished": "2024-10-24T00:00:00.000Z",
        "dateReserved": "2024-08-25T00:00:00.000Z",
        "dateUpdated": "2024-10-28T19:19:59.290Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-45260 (GCVE-0-2024-45260)

    Vulnerability from nvd – Published: 2024-10-24 00:00 – Updated: 2024-10-28 19:27
    VLAI
    Summary
    An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. Users who belong to unauthorized groups can invoke any interface of the device, thereby gaining complete control over it.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-863 - Incorrect Authorization
    Assigner
    Impacted products
    Vendor Product Version
    gl-inet gl-b3000_firmware Affected: 4.5.18 , < 4.5.19 (custom)
        cpe:2.3:o:gl-inet:gl-b3000_firmware:*:*:*:*:*:*:*:*
    gl-inet gl-mt6000_firmware Affected: 4.6.2 , < 4.6.4 (custom)
        cpe:2.3:o:gl-inet:gl-ax1800_firmware:*:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-axt1800_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-mt2500_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-mt3000_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-mt6000_firmware:*:*:*:*:*:*:*:*
    gl-inet gl-x300b_firmware Affected: 4.5.17 , < 4.5.18 (custom)
        cpe:2.3:o:gl-inet:gl-a1300_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-x300b_firmware:-:*:*:*:*:*:*:*
    gl-inet gl-xe300_firmware Affected: 4.4.9 , < 4.4.10 (custom)
        cpe:2.3:o:gl-inet:gl-x3000_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-xe300_firmware:-:*:*:*:*:*:*:*
    gl-inet gl-x750_firmware Affected: 4.3.18 , < 4.3.19 (custom)
        cpe:2.3:o:gl-inet:gl-mt1300_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-sft1200_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-x750_firmware:-:*:*:*:*:*:*:*
    gl-inet gl-xe300_firmware Affected: 4.3.17 , < 4.3.18 (custom)
        cpe:2.3:o:gl-inet:gl-ar300m16_firmware:*:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-ar750_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-ar300m_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-ar750s_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-b1300_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-e750_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-mt300n-v2_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-xe300_firmware:-:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:gl-b3000_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-b3000_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "lessThan": "4.5.19",
                    "status": "affected",
                    "version": "4.5.18",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:gl-ax1800_firmware:*:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-axt1800_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-mt2500_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-mt3000_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-mt6000_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-mt6000_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "lessThan": "4.6.4",
                    "status": "affected",
                    "version": "4.6.2",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:gl-a1300_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-x300b_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-x300b_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "lessThan": "4.5.18",
                    "status": "affected",
                    "version": "4.5.17",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:gl-x3000_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-xe300_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-xe300_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "lessThan": "4.4.10",
                    "status": "affected",
                    "version": "4.4.9",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:gl-mt1300_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-sft1200_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-x750_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-x750_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "lessThan": "4.3.19",
                    "status": "affected",
                    "version": "4.3.18",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:gl-ar300m16_firmware:*:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-ar750_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-ar300m_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-ar750s_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-b1300_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-e750_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-mt300n-v2_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-xe300_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-xe300_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "lessThan": "4.3.18",
                    "status": "affected",
                    "version": "4.3.17",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "ADJACENT_NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-45260",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-28T19:24:33.863289Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-863",
                    "description": "CWE-863 Incorrect Authorization",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-28T19:27:01.398Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. Users who belong to unauthorized groups can invoke any interface of the device, thereby gaining complete control over it."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-24T20:11:10.715Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Unauthorized%20Access%20to%20File%20Download%20and%20Upload%20Interfaces.md"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2024-45260",
        "datePublished": "2024-10-24T00:00:00.000Z",
        "dateReserved": "2024-08-25T00:00:00.000Z",
        "dateUpdated": "2024-10-28T19:27:01.398Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-45259 (GCVE-0-2024-45259)

    Vulnerability from nvd – Published: 2024-10-24 00:00 – Updated: 2024-10-28 19:38
    VLAI
    Summary
    An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. By intercepting an HTTP request and changing the filename property in the download interface, any file on the device can be deleted.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-326 - Inadequate Encryption Strength
    Assigner
    Impacted products
    Vendor Product Version
    gl-inet gl-b3000_firmware Affected: 4.5.18 , < 4.5.19 (custom)
        cpe:2.3:o:gl-inet:gl-b3000_firmware:*:*:*:*:*:*:*:*
    gl-inet gl-mt6000_firmware Affected: 4.6.2 , < 4.6.4 (custom)
        cpe:2.3:o:gl-inet:gl-ax1800_firmware:*:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-axt1800_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-mt2500_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-mt3000_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-mt6000_firmware:*:*:*:*:*:*:*:*
    gl-inet gl-x300b_firmware Affected: 4.5.17 , < 4.5.18 (custom)
        cpe:2.3:o:gl-inet:gl-a1300_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-x300b_firmware:-:*:*:*:*:*:*:*
    gl-inet gl-xe300_firmware Affected: 4.4.9 , < 4.4.10 (custom)
        cpe:2.3:o:gl-inet:gl-x3000_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-xe300_firmware:-:*:*:*:*:*:*:*
    gl-inet gl-x750_firmware Affected: 4.3.18 , < 4.3.19 (custom)
        cpe:2.3:o:gl-inet:gl-mt1300_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-sft1200_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-x750_firmware:-:*:*:*:*:*:*:*
    gl-inet gl-xe300_firmware Affected: 4.3.17 , < 4.3.18 (custom)
        cpe:2.3:o:gl-inet:gl-ar300m16_firmware:*:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-ar750_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-ar300m_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-ar750s_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-b1300_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-e750_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-mt300n-v2_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-xe300_firmware:-:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:gl-b3000_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-b3000_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "lessThan": "4.5.19",
                    "status": "affected",
                    "version": "4.5.18",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:gl-ax1800_firmware:*:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-axt1800_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-mt2500_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-mt3000_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-mt6000_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-mt6000_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "lessThan": "4.6.4",
                    "status": "affected",
                    "version": "4.6.2",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:gl-a1300_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-x300b_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-x300b_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "lessThan": "4.5.18",
                    "status": "affected",
                    "version": "4.5.17",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:gl-x3000_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-xe300_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-xe300_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "lessThan": "4.4.10",
                    "status": "affected",
                    "version": "4.4.9",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:gl-mt1300_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-sft1200_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-x750_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-x750_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "lessThan": "4.3.19",
                    "status": "affected",
                    "version": "4.3.18",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:gl-ar300m16_firmware:*:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-ar750_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-ar300m_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-ar750s_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-b1300_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-e750_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-mt300n-v2_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-xe300_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-xe300_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "lessThan": "4.3.18",
                    "status": "affected",
                    "version": "4.3.17",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "ADJACENT_NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 6.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-45259",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-28T19:31:51.013958Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-326",
                    "description": "CWE-326 Inadequate Encryption Strength",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-28T19:38:53.728Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. By intercepting an HTTP request and changing the filename property in the download interface, any file on the device can be deleted."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-24T20:09:41.653Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Delete%20Any%20File%20via%20Download%20Interface.md"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2024-45259",
        "datePublished": "2024-10-24T00:00:00.000Z",
        "dateReserved": "2024-08-25T00:00:00.000Z",
        "dateUpdated": "2024-10-28T19:38:53.728Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-45263 (GCVE-0-2024-45263)

    Vulnerability from cvelistv5 – Published: 2024-10-24 00:00 – Updated: 2024-10-28 18:52
    VLAI
    Summary
    An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. The upload interface allows the uploading of arbitrary files to the device. Once the device executes the files, it can lead to information leakage, enabling complete control.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-434 - Unrestricted Upload of File with Dangerous Type
    Assigner
    Impacted products
    Vendor Product Version
    gl-inet gl-b3000_firmware Affected: 4.5.18 , < 4.5.19 (custom)
        cpe:2.3:o:gl-inet:gl-b3000_firmware:*:*:*:*:*:*:*:*
    gl-inet gl-mt6000_firmware Affected: 4.6.2 , < 4.6.4 (custom)
        cpe:2.3:o:gl-inet:gl-ax1800_firmware:*:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-axt1800_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-mt2500_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-mt3000_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-mt6000_firmware:*:*:*:*:*:*:*:*
    gl-inet gl-x300b_firmware Affected: 4.5.17 , < 4.5.18 (custom)
        cpe:2.3:o:gl-inet:gl-a1300_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-x300b_firmware:-:*:*:*:*:*:*:*
    gl-inet gl-xe300_firmware Affected: 4.4.9 , < 4.4.10 (custom)
        cpe:2.3:o:gl-inet:gl-x3000_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-xe300_firmware:-:*:*:*:*:*:*:*
    gl-inet gl-x750_firmware Affected: 4.3.18 , < 4.3.19 (custom)
        cpe:2.3:o:gl-inet:gl-mt1300_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-sft1200_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-x750_firmware:-:*:*:*:*:*:*:*
    gl-inet gl-xe300_firmware Affected: 4.3.17 , < 4.3.18 (custom)
        cpe:2.3:o:gl-inet:gl-ar300m16_firmware:*:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-ar750_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-ar300m_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-ar750s_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-b1300_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-e750_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-mt300n-v2_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-xe300_firmware:-:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:gl-b3000_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-b3000_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "lessThan": "4.5.19",
                    "status": "affected",
                    "version": "4.5.18",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:gl-ax1800_firmware:*:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-axt1800_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-mt2500_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-mt3000_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-mt6000_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-mt6000_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "lessThan": "4.6.4",
                    "status": "affected",
                    "version": "4.6.2",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:gl-a1300_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-x300b_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-x300b_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "lessThan": "4.5.18",
                    "status": "affected",
                    "version": "4.5.17",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:gl-x3000_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-xe300_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-xe300_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "lessThan": "4.4.10",
                    "status": "affected",
                    "version": "4.4.9",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:gl-mt1300_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-sft1200_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-x750_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-x750_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "lessThan": "4.3.19",
                    "status": "affected",
                    "version": "4.3.18",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:gl-ar300m16_firmware:*:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-ar750_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-ar300m_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-ar750s_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-b1300_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-e750_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-mt300n-v2_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-xe300_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-xe300_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "lessThan": "4.3.18",
                    "status": "affected",
                    "version": "4.3.17",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "ADJACENT_NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-45263",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-28T18:34:32.730872Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-434",
                    "description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-28T18:52:30.245Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. The upload interface allows the uploading of arbitrary files to the device. Once the device executes the files, it can lead to information leakage, enabling complete control."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-24T20:21:28.712Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Arbitrary%20File%20Upload%20to%20ovpn_upload%20via%20Upload%20Interface.md"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2024-45263",
        "datePublished": "2024-10-24T00:00:00.000Z",
        "dateReserved": "2024-08-25T00:00:00.000Z",
        "dateUpdated": "2024-10-28T18:52:30.245Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-45261 (GCVE-0-2024-45261)

    Vulnerability from cvelistv5 – Published: 2024-10-24 00:00 – Updated: 2024-10-28 19:19
    VLAI
    Summary
    An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. The SID generated for a specific user is not tied to that user itself, which allows other users to potentially use it for authentication. Once an attacker bypasses the application's authentication procedures, they can generate a valid SID, escalate privileges, and gain full control.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-863 - Incorrect Authorization
    Assigner
    Impacted products
    Vendor Product Version
    gl-inet gl-b3000_firmware Affected: 4.5.18 , < 4.5.19 (custom)
        cpe:2.3:o:gl-inet:gl-b3000_firmware:*:*:*:*:*:*:*:*
    gl-inet gl-mt6000_firmware Affected: 4.6.2 , < 4.6.4 (custom)
        cpe:2.3:o:gl-inet:gl-ax1800_firmware:*:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-axt1800_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-mt2500_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-mt3000_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-mt6000_firmware:*:*:*:*:*:*:*:*
    gl-inet gl-x300b_firmware Affected: 4.5.17 , < 4.5.18 (custom)
        cpe:2.3:o:gl-inet:gl-a1300_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-x300b_firmware:-:*:*:*:*:*:*:*
    gl-inet gl-xe300_firmware Affected: 4.4.9 , < 4.4.10 (custom)
        cpe:2.3:o:gl-inet:gl-x3000_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-xe300_firmware:-:*:*:*:*:*:*:*
    gl-inet gl-x750_firmware Affected: 4.3.18 , < 4.3.19 (custom)
        cpe:2.3:o:gl-inet:gl-mt1300_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-sft1200_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-x750_firmware:-:*:*:*:*:*:*:*
    gl-inet gl-xe300_firmware Affected: 4.3.17 , < 4.3.18 (custom)
        cpe:2.3:o:gl-inet:gl-ar300m16_firmware:*:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-ar750_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-ar300m_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-ar750s_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-b1300_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-e750_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-mt300n-v2_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-xe300_firmware:-:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:gl-b3000_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-b3000_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "lessThan": "4.5.19",
                    "status": "affected",
                    "version": "4.5.18",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:gl-ax1800_firmware:*:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-axt1800_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-mt2500_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-mt3000_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-mt6000_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-mt6000_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "lessThan": "4.6.4",
                    "status": "affected",
                    "version": "4.6.2",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:gl-a1300_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-x300b_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-x300b_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "lessThan": "4.5.18",
                    "status": "affected",
                    "version": "4.5.17",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:gl-x3000_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-xe300_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-xe300_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "lessThan": "4.4.10",
                    "status": "affected",
                    "version": "4.4.9",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:gl-mt1300_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-sft1200_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-x750_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-x750_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "lessThan": "4.3.19",
                    "status": "affected",
                    "version": "4.3.18",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:gl-ar300m16_firmware:*:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-ar750_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-ar300m_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-ar750s_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-b1300_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-e750_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-mt300n-v2_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-xe300_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-xe300_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "lessThan": "4.3.18",
                    "status": "affected",
                    "version": "4.3.17",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "ADJACENT_NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-45261",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-28T19:12:05.989024Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-863",
                    "description": "CWE-863 Incorrect Authorization",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-28T19:19:59.290Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. The SID generated for a specific user is not tied to that user itself, which allows other users to potentially use it for authentication. Once an attacker bypasses the application\u0027s authentication procedures, they can generate a valid SID, escalate privileges, and gain full control."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-24T20:18:25.796Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Bypassing%20Login%20Mechanism%20with%20Passwordless%20User%20Login.md"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2024-45261",
        "datePublished": "2024-10-24T00:00:00.000Z",
        "dateReserved": "2024-08-25T00:00:00.000Z",
        "dateUpdated": "2024-10-28T19:19:59.290Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-45260 (GCVE-0-2024-45260)

    Vulnerability from cvelistv5 – Published: 2024-10-24 00:00 – Updated: 2024-10-28 19:27
    VLAI
    Summary
    An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. Users who belong to unauthorized groups can invoke any interface of the device, thereby gaining complete control over it.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-863 - Incorrect Authorization
    Assigner
    Impacted products
    Vendor Product Version
    gl-inet gl-b3000_firmware Affected: 4.5.18 , < 4.5.19 (custom)
        cpe:2.3:o:gl-inet:gl-b3000_firmware:*:*:*:*:*:*:*:*
    gl-inet gl-mt6000_firmware Affected: 4.6.2 , < 4.6.4 (custom)
        cpe:2.3:o:gl-inet:gl-ax1800_firmware:*:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-axt1800_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-mt2500_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-mt3000_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-mt6000_firmware:*:*:*:*:*:*:*:*
    gl-inet gl-x300b_firmware Affected: 4.5.17 , < 4.5.18 (custom)
        cpe:2.3:o:gl-inet:gl-a1300_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-x300b_firmware:-:*:*:*:*:*:*:*
    gl-inet gl-xe300_firmware Affected: 4.4.9 , < 4.4.10 (custom)
        cpe:2.3:o:gl-inet:gl-x3000_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-xe300_firmware:-:*:*:*:*:*:*:*
    gl-inet gl-x750_firmware Affected: 4.3.18 , < 4.3.19 (custom)
        cpe:2.3:o:gl-inet:gl-mt1300_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-sft1200_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-x750_firmware:-:*:*:*:*:*:*:*
    gl-inet gl-xe300_firmware Affected: 4.3.17 , < 4.3.18 (custom)
        cpe:2.3:o:gl-inet:gl-ar300m16_firmware:*:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-ar750_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-ar300m_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-ar750s_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-b1300_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-e750_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-mt300n-v2_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-xe300_firmware:-:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:gl-b3000_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-b3000_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "lessThan": "4.5.19",
                    "status": "affected",
                    "version": "4.5.18",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:gl-ax1800_firmware:*:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-axt1800_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-mt2500_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-mt3000_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-mt6000_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-mt6000_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "lessThan": "4.6.4",
                    "status": "affected",
                    "version": "4.6.2",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:gl-a1300_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-x300b_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-x300b_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "lessThan": "4.5.18",
                    "status": "affected",
                    "version": "4.5.17",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:gl-x3000_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-xe300_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-xe300_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "lessThan": "4.4.10",
                    "status": "affected",
                    "version": "4.4.9",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:gl-mt1300_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-sft1200_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-x750_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-x750_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "lessThan": "4.3.19",
                    "status": "affected",
                    "version": "4.3.18",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:gl-ar300m16_firmware:*:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-ar750_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-ar300m_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-ar750s_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-b1300_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-e750_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-mt300n-v2_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-xe300_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-xe300_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "lessThan": "4.3.18",
                    "status": "affected",
                    "version": "4.3.17",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "ADJACENT_NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-45260",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-28T19:24:33.863289Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-863",
                    "description": "CWE-863 Incorrect Authorization",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-28T19:27:01.398Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. Users who belong to unauthorized groups can invoke any interface of the device, thereby gaining complete control over it."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-24T20:11:10.715Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Unauthorized%20Access%20to%20File%20Download%20and%20Upload%20Interfaces.md"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2024-45260",
        "datePublished": "2024-10-24T00:00:00.000Z",
        "dateReserved": "2024-08-25T00:00:00.000Z",
        "dateUpdated": "2024-10-28T19:27:01.398Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-45259 (GCVE-0-2024-45259)

    Vulnerability from cvelistv5 – Published: 2024-10-24 00:00 – Updated: 2024-10-28 19:38
    VLAI
    Summary
    An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. By intercepting an HTTP request and changing the filename property in the download interface, any file on the device can be deleted.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-326 - Inadequate Encryption Strength
    Assigner
    Impacted products
    Vendor Product Version
    gl-inet gl-b3000_firmware Affected: 4.5.18 , < 4.5.19 (custom)
        cpe:2.3:o:gl-inet:gl-b3000_firmware:*:*:*:*:*:*:*:*
    gl-inet gl-mt6000_firmware Affected: 4.6.2 , < 4.6.4 (custom)
        cpe:2.3:o:gl-inet:gl-ax1800_firmware:*:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-axt1800_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-mt2500_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-mt3000_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-mt6000_firmware:*:*:*:*:*:*:*:*
    gl-inet gl-x300b_firmware Affected: 4.5.17 , < 4.5.18 (custom)
        cpe:2.3:o:gl-inet:gl-a1300_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-x300b_firmware:-:*:*:*:*:*:*:*
    gl-inet gl-xe300_firmware Affected: 4.4.9 , < 4.4.10 (custom)
        cpe:2.3:o:gl-inet:gl-x3000_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-xe300_firmware:-:*:*:*:*:*:*:*
    gl-inet gl-x750_firmware Affected: 4.3.18 , < 4.3.19 (custom)
        cpe:2.3:o:gl-inet:gl-mt1300_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-sft1200_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-x750_firmware:-:*:*:*:*:*:*:*
    gl-inet gl-xe300_firmware Affected: 4.3.17 , < 4.3.18 (custom)
        cpe:2.3:o:gl-inet:gl-ar300m16_firmware:*:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-ar750_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-ar300m_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-ar750s_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-b1300_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-e750_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-mt300n-v2_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-xe300_firmware:-:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:gl-b3000_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-b3000_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "lessThan": "4.5.19",
                    "status": "affected",
                    "version": "4.5.18",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:gl-ax1800_firmware:*:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-axt1800_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-mt2500_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-mt3000_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-mt6000_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-mt6000_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "lessThan": "4.6.4",
                    "status": "affected",
                    "version": "4.6.2",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:gl-a1300_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-x300b_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-x300b_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "lessThan": "4.5.18",
                    "status": "affected",
                    "version": "4.5.17",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:gl-x3000_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-xe300_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-xe300_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "lessThan": "4.4.10",
                    "status": "affected",
                    "version": "4.4.9",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:gl-mt1300_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-sft1200_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-x750_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-x750_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "lessThan": "4.3.19",
                    "status": "affected",
                    "version": "4.3.18",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:gl-ar300m16_firmware:*:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-ar750_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-ar300m_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-ar750s_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-b1300_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-e750_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-mt300n-v2_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-xe300_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-xe300_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "lessThan": "4.3.18",
                    "status": "affected",
                    "version": "4.3.17",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "ADJACENT_NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 6.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-45259",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-28T19:31:51.013958Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-326",
                    "description": "CWE-326 Inadequate Encryption Strength",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-28T19:38:53.728Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. By intercepting an HTTP request and changing the filename property in the download interface, any file on the device can be deleted."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-24T20:09:41.653Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Delete%20Any%20File%20via%20Download%20Interface.md"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2024-45259",
        "datePublished": "2024-10-24T00:00:00.000Z",
        "dateReserved": "2024-08-25T00:00:00.000Z",
        "dateUpdated": "2024-10-28T19:38:53.728Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-45262 (GCVE-0-2024-45262)

    Vulnerability from cvelistv5 – Published: 2024-10-24 00:00 – Updated: 2024-10-28 19:22
    Summary
    An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. The params parameter in the call method of the /rpc endpoint is vulnerable to arbitrary directory traversal, which enables attackers to execute scripts under any path.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    Impacted products
    Vendor Product Version
    gl-inet gl-b3000_firmware Affected: 4.5.18 , < 4.5.19 (custom)
        cpe:2.3:o:gl-inet:gl-b3000_firmware:*:*:*:*:*:*:*:*
    gl-inet gl-mt6000_firmware Affected: 4.6.2 , < 4.6.4 (custom)
        cpe:2.3:o:gl-inet:gl-ax1800_firmware:*:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-axt1800_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-mt2500_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-mt3000_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-mt6000_firmware:*:*:*:*:*:*:*:*
    gl-inet gl-x300b_firmware Affected: 4.5.17 , < 4.5.18 (custom)
        cpe:2.3:o:gl-inet:gl-a1300_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-x300b_firmware:-:*:*:*:*:*:*:*
    gl-inet gl-xe300_firmware Affected: 4.4.9 , < 4.4.10 (custom)
        cpe:2.3:o:gl-inet:gl-x3000_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-xe300_firmware:-:*:*:*:*:*:*:*
    gl-inet gl-x750_firmware Affected: 4.3.18 , < 4.3.19 (custom)
        cpe:2.3:o:gl-inet:gl-mt1300_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-sft1200_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-x750_firmware:-:*:*:*:*:*:*:*
    gl-inet gl-xe300_firmware Affected: 4.3.17 , < 4.3.18 (custom)
        cpe:2.3:o:gl-inet:gl-ar300m16_firmware:*:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-ar750_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-ar300m_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-ar750s_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-b1300_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-e750_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-mt300n-v2_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:gl-inet:gl-xe300_firmware:-:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:gl-b3000_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-b3000_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "lessThan": "4.5.19",
                    "status": "affected",
                    "version": "4.5.18",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:gl-ax1800_firmware:*:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-axt1800_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-mt2500_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-mt3000_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-mt6000_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-mt6000_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "lessThan": "4.6.4",
                    "status": "affected",
                    "version": "4.6.2",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:gl-a1300_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-x300b_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-x300b_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "lessThan": "4.5.18",
                    "status": "affected",
                    "version": "4.5.17",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:gl-x3000_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-xe300_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-xe300_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "lessThan": "4.4.10",
                    "status": "affected",
                    "version": "4.4.9",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:gl-mt1300_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-sft1200_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-x750_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-x750_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "lessThan": "4.3.19",
                    "status": "affected",
                    "version": "4.3.18",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gl-inet:gl-ar300m16_firmware:*:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-ar750_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-ar300m_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-ar750s_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-b1300_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-e750_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-mt300n-v2_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:gl-inet:gl-xe300_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gl-xe300_firmware",
                "vendor": "gl-inet",
                "versions": [
                  {
                    "lessThan": "4.3.18",
                    "status": "affected",
                    "version": "4.3.17",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "ADJACENT_NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-45262",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-28T19:21:47.832625Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-22",
                    "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-28T19:22:25.505Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. The params parameter in the call method of the /rpc endpoint is vulnerable to arbitrary directory traversal, which enables attackers to execute scripts under any path."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-24T20:19:54.001Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Improper%20Pathname%20Restriction%20Leading%20to%20Path%20Traversal%20in%20Restricted%20Directories.md"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2024-45262",
        "datePublished": "2024-10-24T00:00:00.000Z",
        "dateReserved": "2024-08-25T00:00:00.000Z",
        "dateUpdated": "2024-10-28T19:22:25.505Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }