CVE-2024-45263
📋 TL;DR
This vulnerability allows attackers to upload arbitrary files to affected GL-iNet router devices via the upload interface. Once uploaded, these files can be executed, potentially leading to information leakage and complete device compromise. Users of GL-iNet MT6000, MT3000, MT2500, AXT1800, and AX1800 routers running version 4.6.2 are affected.
💻 Affected Systems
- GL-iNet MT6000
- GL-iNet MT3000
- GL-iNet MT2500
- GL-iNet AXT1800
- GL-iNet AX1800
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Complete device takeover, credential theft, network traffic interception, and lateral movement to connected devices.
Likely Case
Unauthorized file upload leading to information disclosure and potential remote code execution.
If Mitigated
Limited impact if upload interface is disabled or properly restricted.
🎯 Exploit Status
The GitHub reference provides technical details about the arbitrary file upload vulnerability, making exploitation straightforward for attackers.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check GL-iNet firmware updates beyond 4.6.2
Vendor Advisory: https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Arbitrary%20File%20Upload%20to%20ovpn_upload%20via%20Upload%20Interface.md
Restart Required: Yes
Instructions:
1. Log into GL-iNet router admin interface. 2. Navigate to System > Firmware Upgrade. 3. Check for and install the latest firmware version. 4. Reboot the router after installation.
🔧 Temporary Workarounds
Disable upload interface
allDisable the vulnerable upload interface if not required for operations.
Check GL-iNet admin interface for upload interface settings
Network segmentation
allIsolate affected routers from critical network segments.
🧯 If You Can't Patch
- Disable WAN access to the router admin interface
- Implement strict network access controls to limit who can reach the upload interface
🔍 How to Verify
Check if Vulnerable:
Check router firmware version in admin interface under System > Firmware Upgrade. If version is 4.6.2, device is vulnerable.Check Version:
Log into router admin interface and navigate to System > Firmware Upgrade to view current version.Verify Fix Applied:
After updating firmware, verify version is no longer 4.6.2 and test upload interface functionality.📡 Detection & Monitoring
Log Indicators:
- Unusual file upload activity via upload interface
- Unexpected file execution events
- ovpn_upload related errors
Network Indicators:
- Unusual HTTP POST requests to upload endpoints
- Traffic to/from router on non-standard ports
SIEM Query:
source="router_logs" AND (event="file_upload" OR event="ovpn_upload") AND status="success"