CVE-2024-45261
Published 2024-10-24
Priority: P3 (45) · Severity: high · CVSS 3.1 base score: 8.0
Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.48% (37.8th percentile)
An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. The SID generated for a specific user is not tied to that user itself, which allows other users to potentially use it for authentication. Once an attacker bypasses the application's authentication procedures, they can generate a valid SID, escalate privileges, and gain full control.
Affected
21 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| gl-inet | a1300_firmware | — | — |
| gl-inet | ar300m16_firmware | — | — |
| gl-inet | ar300m_firmware | — | — |
| gl-inet | ar750_firmware | — | — |
| gl-inet | ar750s_firmware | — | — |
| gl-inet | ax1800_firmware | >= 4.6.2 < 4.6.4 | 4.6.4 |
| gl-inet | axt1800_firmware | >= 4.6.2 < 4.6.4 | 4.6.4 |
| gl-inet | b1300_firmware | — | — |
| gl-inet | b3000_firmware | — | — |
| gl-inet | e750_firmware | — | — |
| gl-inet | mt1300_firmware | — | — |
| gl-inet | mt2500_firmware | >= 4.6.2 < 4.6.4 | 4.6.4 |
| gl-inet | mt3000_firmware | — | — |
| gl-inet | mt300n-v2_firmware | — | — |
| gl-inet | mt6000_firmware | — | — |
| gl-inet | sft1200_firmware | — | — |
| gl-inet | x3000_firmware | — | — |
| gl-inet | x300b_firmware | — | — |
| gl-inet | x750_firmware | — | — |
| gl-inet | xe3000_firmware | — | — |
| gl-inet | xe300_firmware | — | — |
Suricata
ET WEB_SPECIFIC_APPS GL-iNet Authentication Bypass attempt (CVE-2024-45261) [HIGH]
suricata · 2025-04-28 · CVSS 8.0
Rule: alert http any any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS GL-iNet Authentication Bypass attempt (CVE-2024-45261)"; flow:established,to_server; http.method; content:"POST"; http.uri; content:"/rpc"; http.content_type; content:"application/json"; http.request_body; content:"jsonrpc"; fast_pattern; content:"|22|id|22 3a|"; content:"1"; within:10; content:"|22|method|22 3a|"; content:"|22|login|22|"; within:15; content:"|22|params|22 3a|"; content:"|22|username|22 3a|"; pcre:"/^.*?(?:ubus|nobody)\x22/R"; content:"|22|hash|22 3a|"; reference:cve,2024-45261; reference:url,github.com/isstabber/GL.iNet-Exploits; classtype:attempted-admin; sid:2061947; rev:1; metadata:affected_product GL_iNet, attack_target Netw
No public exploits indexed.
No writeups or analysis indexed.