PT-2024-31520 · Gl.Inet · Gl-Inet Mt2500+3

Published: 2024-10-24 · Updated: 2024-10-28 · CVE-2024-45263

CVSS v3.1: 8.8 (High)

Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

GL-iNet MT6000 version 4.6.2
GL-iNet MT3000 version 4.6.2
GL-iNet MT2500 version 4.6.2
GL-iNet AXT1800 version 4.6.2
GL-iNet AX1800 version 4.6.2

Description

An issue was discovered on certain GL-iNet devices. The upload interface allows the uploading of arbitrary files to the device. Once the device executes the files, it can lead to information leakage, enabling complete control.

Recommendations

For GL-iNet MT6000 version 4.6.2, restrict access to the upload interface to minimize the risk of exploitation.
For GL-iNet MT3000 version 4.6.2, consider disabling the file execution feature until a patch is available.
For GL-iNet MT2500 version 4.6.2, avoid using the upload interface until the issue is resolved.
For GL-iNet AXT1800 version 4.6.2, limit the types of files that can be uploaded to prevent malicious file execution.
For GL-iNet AX1800 version 4.6.2, implement additional security measures to prevent information leakage and unauthorized control.

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Unrestricted File Upload

Weakness Enumeration

Related Identifiers

CVE-2024-45263

Affected Products

Gl-Inet Ax1800
Gl-Inet Mt2500
Gl-Inet Mt3000
Gl-Inet Mt6000