CVE-2024-45261 (GCVE-0-2024-45261)
Vulnerability from cvelistv5 – Published: 2024-10-24 00:00 – Updated: 2024-10-28 19:19
VLAI?
Summary
An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. The SID generated for a specific user is not tied to that user itself, which allows other users to potentially use it for authentication. Once an attacker bypasses the application's authentication procedures, they can generate a valid SID, escalate privileges, and gain full control.
Severity ?
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:gl-inet:gl-b3000_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "gl-b3000_firmware",
"vendor": "gl-inet",
"versions": [
{
"lessThan": "4.5.19",
"status": "affected",
"version": "4.5.18",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:gl-inet:gl-ax1800_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:gl-inet:gl-axt1800_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:gl-inet:gl-mt2500_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:gl-inet:gl-mt3000_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:gl-inet:gl-mt6000_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "gl-mt6000_firmware",
"vendor": "gl-inet",
"versions": [
{
"lessThan": "4.6.4",
"status": "affected",
"version": "4.6.2",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:gl-inet:gl-a1300_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:gl-inet:gl-x300b_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "gl-x300b_firmware",
"vendor": "gl-inet",
"versions": [
{
"lessThan": "4.5.18",
"status": "affected",
"version": "4.5.17",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:gl-inet:gl-x3000_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:gl-inet:gl-xe300_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "gl-xe300_firmware",
"vendor": "gl-inet",
"versions": [
{
"lessThan": "4.4.10",
"status": "affected",
"version": "4.4.9",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:gl-inet:gl-mt1300_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:gl-inet:gl-sft1200_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:gl-inet:gl-x750_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "gl-x750_firmware",
"vendor": "gl-inet",
"versions": [
{
"lessThan": "4.3.19",
"status": "affected",
"version": "4.3.18",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:gl-inet:gl-ar300m16_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:gl-inet:gl-ar750_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:gl-inet:gl-ar300m_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:gl-inet:gl-ar750s_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:gl-inet:gl-b1300_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:gl-inet:gl-e750_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:gl-inet:gl-mt300n-v2_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:gl-inet:gl-xe300_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "gl-xe300_firmware",
"vendor": "gl-inet",
"versions": [
{
"lessThan": "4.3.18",
"status": "affected",
"version": "4.3.17",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-45261",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-28T19:12:05.989024Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-28T19:19:59.290Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. The SID generated for a specific user is not tied to that user itself, which allows other users to potentially use it for authentication. Once an attacker bypasses the application\u0027s authentication procedures, they can generate a valid SID, escalate privileges, and gain full control."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-24T20:18:25.796189",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Bypassing%20Login%20Mechanism%20with%20Passwordless%20User%20Login.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-45261",
"datePublished": "2024-10-24T00:00:00",
"dateReserved": "2024-08-25T00:00:00",
"dateUpdated": "2024-10-28T19:19:59.290Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"descriptions": "[{\"lang\": \"en\", \"value\": \"An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. The SID generated for a specific user is not tied to that user itself, which allows other users to potentially use it for authentication. Once an attacker bypasses the application\u0027s authentication procedures, they can generate a valid SID, escalate privileges, and gain full control.\"}, {\"lang\": \"es\", \"value\": \"Se descubri\\u00f3 un problema en ciertos dispositivos GL-iNet, incluidos MT6000, MT3000, MT2500, AXT1800 y AX1800 4.6.2. El SID generado para un usuario espec\\u00edfico no est\\u00e1 vinculado a ese usuario en s\\u00ed, lo que permite que otros usuarios lo utilicen potencialmente para la autenticaci\\u00f3n. Una vez que un atacante elude los procedimientos de autenticaci\\u00f3n de la aplicaci\\u00f3n, puede generar un SID v\\u00e1lido, escalar privilegios y obtener el control total.\"}]",
"id": "CVE-2024-45261",
"lastModified": "2024-10-28T20:35:15.213",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.0, \"baseSeverity\": \"HIGH\", \"attackVector\": \"ADJACENT_NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.1, \"impactScore\": 5.9}]}",
"published": "2024-10-24T21:15:12.057",
"references": "[{\"url\": \"https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Bypassing%20Login%20Mechanism%20with%20Passwordless%20User%20Login.md\", \"source\": \"cve@mitre.org\"}]",
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Awaiting Analysis",
"weaknesses": "[{\"source\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-863\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-45261\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2024-10-24T21:15:12.057\",\"lastModified\":\"2025-10-15T17:54:46.297\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. The SID generated for a specific user is not tied to that user itself, which allows other users to potentially use it for authentication. Once an attacker bypasses the application\u0027s authentication procedures, they can generate a valid SID, escalate privileges, and gain full control.\"},{\"lang\":\"es\",\"value\":\"Se descubri\u00f3 un problema en ciertos dispositivos GL-iNet, incluidos MT6000, MT3000, MT2500, AXT1800 y AX1800 4.6.2. El SID generado para un usuario espec\u00edfico no est\u00e1 vinculado a ese usuario en s\u00ed, lo que permite que otros usuarios lo utilicen potencialmente para la autenticaci\u00f3n. Una vez que un atacante elude los procedimientos de autenticaci\u00f3n de la aplicaci\u00f3n, puede generar un SID v\u00e1lido, escalar privilegios y obtener el control total.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.0,\"baseSeverity\":\"HIGH\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.1,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-863\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:gl-inet:mt2500_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.6.2\",\"versionEndExcluding\":\"4.6.4\",\"matchCriteriaId\":\"A8537E0A-8726-4355-AA99-06445A43D4D5\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:gl-inet:mt2500:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3ADF5BF3-0F52-4947-8BC2-3505EDEEDF28\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:gl-inet:axt1800_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.6.2\",\"versionEndExcluding\":\"4.6.4\",\"matchCriteriaId\":\"4607385A-CD71-4809-A143-EE2E9DE0F69A\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:gl-inet:axt1800:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FF453954-BC32-4577-8CE4-066812193495\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:gl-inet:ax1800_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.6.2\",\"versionEndExcluding\":\"4.6.4\",\"matchCriteriaId\":\"81DEAE12-BC9B-40C5-9D51-25A478670A73\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:gl-inet:ax1800:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BCB312FD-370C-4DF9-961F-F0C4920AA368\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:gl-inet:b3000_firmware:4.5.18:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"38EDCC99-D442-4FC5-B9DC-5CF38B6EE1FA\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:gl-inet:b3000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4EA9AD80-5B5E-4736-9146-5F58212D2988\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:gl-inet:a1300_firmware:4.5.17:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B48595C6-E07A-4E74-B695-D6D679B6A3ED\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:gl-inet:a1300:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D6DBF472-E98E-4E00-B6A0-6D8FA1678AEA\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:gl-inet:x300b_firmware:4.5.17:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B3FAB581-A524-4521-A293-84DD106543C5\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:gl-inet:x300b:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B2AA4BAC-C6D1-42C0-94E9-5B05AC24A235\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:gl-inet:x3000_firmware:4.4.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F075420C-AD43-475E-8398-114AAA4002EE\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:gl-inet:x3000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9479FFAA-9C87-4530-884D-B96055A3D41C\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:gl-inet:xe3000_firmware:4.4.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"998569E6-B905-4195-B333-FFFB255EA1FC\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:gl-inet:xe3000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"265EDD5D-B879-4E8A-A6DE-400BC6273A41\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:gl-inet:x750_firmware:4.3.18:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A48B5B4A-D6E1-478C-B983-FFD1AC9AA4F0\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:gl-inet:x750:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3D1EDFF0-F67C-4801-815C-309940BD7338\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:gl-inet:sft1200_firmware:4.3.18:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"334563F9-7746-48A4-9E37-0AF55F44DC6A\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:gl-inet:sft1200:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E656351D-E06E-435F-B1E5-34B89FD8B54B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:gl-inet:mt1300_firmware:4.3.18:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"744B2B01-1F28-429F-A898-056470D0DFE1\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:gl-inet:mt1300:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5CECA41F-E807-4234-8C41-477DE132210E\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:gl-inet:e750_firmware:4.3.17:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"64F877D5-D386-4390-8B32-E7110C6E7463\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:gl-inet:e750:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2D3590B0-7F4B-49C2-BE77-57AD27A91018\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:gl-inet:xe300_firmware:4.3.17:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8CE85DAF-B5ED-4D5B-A009-BC7FA2AD0F92\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:gl-inet:xe300:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"57D82B62-F057-42A4-8530-86145AE91AC2\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:gl-inet:ar750_firmware:4.3.17:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E5BC42BD-03FA-45C1-A7D9-BA9DBE68B7A4\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:gl-inet:ar750:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"749A6936-392E-430C-ABD3-33D4C5B3D178\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:gl-inet:ar750s_firmware:4.3.17:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1406DB81-E531-4648-B427-AB98793BC76A\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:gl-inet:ar750s:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F18E5F1D-55CD-4F6A-A349-90DD27B29955\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:gl-inet:ar300m_firmware:4.3.17:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EB18BA54-1E3A-42DE-A4BD-07A96CE04663\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:gl-inet:ar300m:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F040AC86-5D7A-4E57-B272-A425DDDE1698\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:gl-inet:mt300n-v2_firmware:4.3.17:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"32494D06-2D09-4A26-B9AF-69F0682638D9\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:gl-inet:mt300n-v2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"797DD304-0AF8-4E2C-8F72-ADF31B8AD6F4\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:gl-inet:mt3000_firmware:4.6.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"18C5A721-8F18-450A-8BA9-01AAFECBE5A1\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:gl-inet:gl-mt3000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4D832083-488B-40F2-8D7A-66E917DF67F9\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:gl-inet:ar300m16_firmware:4.3.17:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C6BD86A8-D5BA-41D8-BA9F-7228DE2C86F5\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:gl-inet:ar300m16:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA3E349B-C40F-4DE6-B977-CF677B2F9814\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:gl-inet:mt6000_firmware:4.6.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E548391D-3E1D-4A8C-8F7C-8740EAD5CB9E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:gl-inet:mt6000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CCDE99A6-DA15-4E4B-8C60-CCB9D580BD82\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:gl-inet:b1300_firmware:4.3.17:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"425AB7BB-4BFC-463F-A0B8-9B1CC7A47FAD\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:gl-inet:b1300:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A47EFE3F-D217-469E-BEE6-5D78037C71C3\"}]}]}],\"references\":[{\"url\":\"https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Bypassing%20Login%20Mechanism%20with%20Passwordless%20User%20Login.md\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8, \"attackVector\": \"ADJACENT_NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-45261\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-10-28T19:12:05.989024Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:o:gl-inet:gl-b3000_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"gl-inet\", \"product\": \"gl-b3000_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"4.5.18\", \"lessThan\": \"4.5.19\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:gl-inet:gl-ax1800_firmware:*:*:*:*:*:*:*:*\", \"cpe:2.3:o:gl-inet:gl-axt1800_firmware:-:*:*:*:*:*:*:*\", \"cpe:2.3:o:gl-inet:gl-mt2500_firmware:-:*:*:*:*:*:*:*\", \"cpe:2.3:o:gl-inet:gl-mt3000_firmware:-:*:*:*:*:*:*:*\", \"cpe:2.3:o:gl-inet:gl-mt6000_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"gl-inet\", \"product\": \"gl-mt6000_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"4.6.2\", \"lessThan\": \"4.6.4\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:gl-inet:gl-a1300_firmware:-:*:*:*:*:*:*:*\", \"cpe:2.3:o:gl-inet:gl-x300b_firmware:-:*:*:*:*:*:*:*\"], \"vendor\": \"gl-inet\", \"product\": \"gl-x300b_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"4.5.17\", \"lessThan\": \"4.5.18\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:gl-inet:gl-x3000_firmware:-:*:*:*:*:*:*:*\", \"cpe:2.3:o:gl-inet:gl-xe300_firmware:-:*:*:*:*:*:*:*\"], \"vendor\": \"gl-inet\", \"product\": \"gl-xe300_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"4.4.9\", \"lessThan\": \"4.4.10\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:gl-inet:gl-mt1300_firmware:-:*:*:*:*:*:*:*\", \"cpe:2.3:o:gl-inet:gl-sft1200_firmware:-:*:*:*:*:*:*:*\", \"cpe:2.3:o:gl-inet:gl-x750_firmware:-:*:*:*:*:*:*:*\"], \"vendor\": \"gl-inet\", \"product\": \"gl-x750_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"4.3.18\", \"lessThan\": \"4.3.19\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:gl-inet:gl-ar300m16_firmware:*:*:*:*:*:*:*:*\", \"cpe:2.3:o:gl-inet:gl-ar750_firmware:-:*:*:*:*:*:*:*\", \"cpe:2.3:o:gl-inet:gl-ar300m_firmware:-:*:*:*:*:*:*:*\", \"cpe:2.3:o:gl-inet:gl-ar750s_firmware:-:*:*:*:*:*:*:*\", \"cpe:2.3:o:gl-inet:gl-b1300_firmware:-:*:*:*:*:*:*:*\", \"cpe:2.3:o:gl-inet:gl-e750_firmware:-:*:*:*:*:*:*:*\", \"cpe:2.3:o:gl-inet:gl-mt300n-v2_firmware:-:*:*:*:*:*:*:*\", \"cpe:2.3:o:gl-inet:gl-xe300_firmware:-:*:*:*:*:*:*:*\"], \"vendor\": \"gl-inet\", \"product\": \"gl-xe300_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"4.3.17\", \"lessThan\": \"4.3.18\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-863\", \"description\": \"CWE-863 Incorrect Authorization\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-28T19:01:43.032Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"references\": [{\"url\": \"https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Bypassing%20Login%20Mechanism%20with%20Passwordless%20User%20Login.md\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. The SID generated for a specific user is not tied to that user itself, which allows other users to potentially use it for authentication. Once an attacker bypasses the application\u0027s authentication procedures, they can generate a valid SID, escalate privileges, and gain full control.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2024-10-24T20:18:25.796189\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-45261\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-10-28T19:19:59.290Z\", \"dateReserved\": \"2024-08-25T00:00:00\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2024-10-24T00:00:00\", \"assignerShortName\": \"mitre\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…