CVE-2024-45262
Published 2024-10-24
Priority: P3 50 | high 8.8 (CVSS 3.1)
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.65% (46.4th percentile)
An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. The params parameter in the call method of the /rpc endpoint is vulnerable to arbitrary directory traversal, which enables attackers to execute scripts under any path.
Affected
21 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| gl-inet | a1300_firmware | — | — |
| gl-inet | ar300m16_firmware | — | — |
| gl-inet | ar300m_firmware | — | — |
| gl-inet | ar750_firmware | — | — |
| gl-inet | ar750s_firmware | — | — |
| gl-inet | ax1800_firmware | >= 4.6.2 < 4.6.4 | 4.6.4 |
| gl-inet | axt1800_firmware | >= 4.6.2 < 4.6.4 | 4.6.4 |
| gl-inet | b1300_firmware | — | — |
| gl-inet | b3000_firmware | — | — |
| gl-inet | e750_firmware | — | — |
| gl-inet | mt1300_firmware | — | — |
| gl-inet | mt2500_firmware | >= 4.6.2 < 4.6.4 | 4.6.4 |
| gl-inet | mt3000_firmware | — | — |
| gl-inet | mt300n-v2_firmware | — | — |
| gl-inet | mt6000_firmware | — | — |
| gl-inet | sft1200_firmware | — | — |
| gl-inet | x3000_firmware | — | — |
| gl-inet | x300b_firmware | — | — |
| gl-inet | x750_firmware | — | — |
| gl-inet | xe3000_firmware | — | — |
| gl-inet | xe300_firmware | — | — |
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2024-10-24