CVE-2024-45262 in MT6000
Summary
by MITRE • 10/25/2024
An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. The params parameter in the call method of the /rpc endpoint is vulnerable to arbitrary directory traversal, which enables attackers to execute scripts under any path.
Analysis
by VulDB Data Team • 10/29/2024
This vulnerability exists in the /rpc endpoint of the GL-iNet router models MT6000, MT3000, MT2500, AXT1800 and AX1800 running firmware version 4.6.2. The flaw is in the handling of the params parameter of the call method: the value is used to build a filesystem path without being validated or canonicalised first. Because the path is not confined to the intended script directory, a caller can supply directory-traversal sequences in params and have the device execute a script from any location on its filesystem, which can lead to complete compromise of the device. The root cause is missing input validation and the absence of a containment check on the resolved path.
Exploitation follows the classic directory-traversal pattern of CWE-22 (Improper Limitation of a Pathname to a Restricted Directory). An attacker crafts an RPC request whose params value steps out of the intended directory with ".." segments (or an absolute path) so that the call method resolves to, and executes, a script the attacker placed or found elsewhere on the device. In ATT&CK terms the resulting execution maps to T1059 (Command and Scripting Interpreter); if the management interface is reachable from the Internet, the initial access corresponds to T1190 (Exploit Public-Facing Application). The public description does not state whether the endpoint requires authentication, so any network path to the web management interface should be treated as exposure. Code runs with the privileges of the RPC service, which on embedded routers of this kind is typically root.
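To make the vulnerable pattern concrete, the following added example (not GL-iNet firmware code, and not from the VulDB analysis) models a call-method handler that maps a caller-supplied script name onto a directory of permitted scripts. The vulnerable resolver joins the name onto the root with no containment check, so a traversal payload resolves to a path outside the directory; the hardened resolver accepts only bare filenames from an allow-list and then verifies that the canonical path is still under the root. The script directory /usr/share/rpc-scripts, the allow-list, and the JSON request shape are assumptions made for the example.

```python
"""Model of a vulnerable RPC "call" path resolver beside a hardened one (CWE-22).

Added illustration; this is not GL-iNet firmware code. The script directory,
the allow-list and the JSON request shape are assumptions.
"""
import json
import posixpath
from typing import Any, Callable, Dict

SCRIPT_ROOT = "/usr/share/rpc-scripts"                   # assumed location of permitted scripts
ALLOWED_SCRIPTS = frozenset({"status.sh", "reboot.sh"})  # assumed allow-list of script names


def resolve_vulnerable(params: Dict[str, Any]) -> str:
    """Vulnerable pattern: the caller-supplied name is joined onto the root with
    no containment check. normpath collapses the '..' segments, so a value such
    as '../../../../tmp/evil.sh' resolves to '/tmp/evil.sh', outside SCRIPT_ROOT."""
    return posixpath.normpath(posixpath.join(SCRIPT_ROOT, params["script"]))


def resolve_hardened(params: Dict[str, Any]) -> str:
    """Hardened pattern: require a bare filename, check it against an allow-list,
    canonicalise, then verify the result still lies under SCRIPT_ROOT."""
    name = params.get("script")
    if not isinstance(name, str) or not name:
        raise ValueError("script name required")
    # A script name is a single path component: no separators, no NUL, not '.' or '..'.
    if any(c in name for c in "/\\\0") or name in (".", ".."):
        raise ValueError("script name must be a bare filename")
    if name not in ALLOWED_SCRIPTS:
        raise ValueError("script not on allow-list")
    candidate = posixpath.normpath(posixpath.join(SCRIPT_ROOT, name))
    # Defence in depth: even if the checks above are loosened later, the canonical
    # path must remain inside the root. On a real device also resolve symlinks with
    # os.path.realpath() before making this comparison.
    if posixpath.commonpath([SCRIPT_ROOT, candidate]) != SCRIPT_ROOT:
        raise ValueError("path escapes script root")
    return candidate


def handle_call(request_json: str, resolver: Callable[[Dict[str, Any]], str]) -> Dict[str, Any]:
    """Dispatch a request of the form {"method":"call","params":{...}} to the given
    resolver and report the script path that would be executed (or the rejection)."""
    try:
        request = json.loads(request_json)
    except json.JSONDecodeError:
        return {"ok": False, "error": "malformed JSON"}
    if (not isinstance(request, dict) or request.get("method") != "call"
            or not isinstance(request.get("params"), dict)):
        return {"ok": False, "error": "unsupported request"}
    try:
        return {"ok": True, "path": resolver(request["params"])}
    except (KeyError, ValueError) as exc:
        return {"ok": False, "error": str(exc)}


if __name__ == "__main__":
    # Constructed requests: one traversal payload, one legitimate script name.
    traversal = '{"method":"call","params":{"script":"../../../../tmp/evil.sh"}}'
    benign = '{"method":"call","params":{"script":"status.sh"}}'
    print(handle_call(traversal, resolve_vulnerable))  # {'ok': True, 'path': '/tmp/evil.sh'}
    print(handle_call(traversal, resolve_hardened))    # rejected: not a bare filename
    print(handle_call(benign, resolve_hardened))       # {'ok': True, 'path': '/usr/share/rpc-scripts/status.sh'}
```

The containment check alone is not sufficient when symlinks are involved, which is why the hardened resolver rejects separators up front and consults an allow-list before it ever touches the path; the commonpath comparison is the last line of defence, not the first.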
The operational impact is severe: successful exploitation gives the attacker control of the device, which can be used for persistent backdoor access, data exfiltration, reconnaissance of the attached network, and as a pivot point against other hosts behind the router. Because five models are affected, the exposed population spans home, small-office and travel-router deployments. Since scripts can be executed from any path, an attacker who can write a file anywhere on the device (for example a world-writable temporary directory) can run it, modify system files, install malware or establish persistence.
Mitigation starts with installing a fixed firmware release from GL-iNet; the advisory names 4.6.2 as the affected version, so anything at or below that level should be treated as vulnerable until the vendor release notes are checked. Until devices are patched, the web management interface and the /rpc endpoint should be reachable only from a trusted LAN or management network and never from the WAN, affected devices should be kept off critical network segments, and administrative credentials should be strong and unique. Network monitoring should watch for anomalous requests to /rpc; because the malicious value travels in the params field of the request body, access logs that record only the URL will not show it, so body-level logging at a reverse proxy or on the device is needed for both detection and later forensic analysis. Regular assessments of other network equipment for the same class of flaw are advisable. The vulnerability illustrates the importance of strict input validation and path canonicalisation in device management interfaces, and the controls above align with the security planning and implementation guidance in NIST SP 800-53.
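As an added illustration of the monitoring recommended above (not part of the original page or of any GL-iNet tooling), the following detector runs over constructed log records of the kind a body-logging reverse proxy in front of the router could emit. For every request to /rpc whose method is call, it walks all string values nested anywhere in params, percent-decodes them until stable (which catches double encoding), folds backslashes to forward slashes, and flags ".." path segments and absolute paths. The record field names, the client addresses and the request bodies are assumptions constructed for the example.

```python
"""Detection of directory-traversal attempts in RPC request bodies.

Added example; not from the original page or from GL-iNet. The log records are
constructed and assume a reverse proxy that logs the JSON body of each request.
"""
import json
import re
from typing import Any, Dict, Iterator, List, Optional
from urllib.parse import unquote

# Constructed log records (field names are assumptions). Each body is the raw
# JSON the client sent to the router's /rpc endpoint.
SAMPLE_RECORDS: List[Dict[str, str]] = [
    {"ts": "2024-10-29T10:00:01Z", "src": "192.168.8.10", "path": "/rpc",
     "body": '{"method":"call","params":{"script":"status.sh"}}'},
    {"ts": "2024-10-29T10:00:07Z", "src": "203.0.113.5", "path": "/rpc",
     "body": '{"method":"call","params":{"script":"../../../../tmp/evil.sh"}}'},
    {"ts": "2024-10-29T10:00:09Z", "src": "203.0.113.5", "path": "/rpc",
     "body": '{"method":"call","params":{"script":"..%252f..%252fetc/passwd"}}'},
    {"ts": "2024-10-29T10:00:12Z", "src": "203.0.113.5", "path": "/rpc",
     "body": '{"method":"call","params":{"script":"/tmp/evil.sh"}}'},
    {"ts": "2024-10-29T10:00:15Z", "src": "203.0.113.9", "path": "/rpc",
     "body": r'{"method":"call","params":["file","read",{"path":"..\\..\\etc\\shadow"}]}'},
    {"ts": "2024-10-29T10:00:20Z", "src": "192.168.8.11", "path": "/cgi-bin/luci",
     "body": '{"method":"call","params":{"script":"../ignored.sh"}}'},
    {"ts": "2024-10-29T10:00:25Z", "src": "203.0.113.9", "path": "/rpc",
     "body": 'not json at all'},
]

# A '..' that stands alone as a path component, at either end or between separators.
DOTDOT_SEGMENT = re.compile(r"(^|/)\.\.(/|$)")


def normalise(value: str) -> str:
    """Percent-decode until the value stops changing (max 3 rounds) and fold
    backslashes to forward slashes so both separator styles are matched."""
    current = value
    for _ in range(3):
        decoded = unquote(current)
        if decoded == current:
            break
        current = decoded
    return current.replace("\\", "/")


def iter_strings(obj: Any) -> Iterator[str]:
    """Yield every string nested anywhere inside a JSON-decoded value."""
    if isinstance(obj, str):
        yield obj
    elif isinstance(obj, dict):
        for v in obj.values():
            yield from iter_strings(v)
    elif isinstance(obj, list):
        for v in obj:
            yield from iter_strings(v)


def classify(value: str) -> Optional[str]:
    """Return a reason string if the value looks like a traversal attempt, else None."""
    norm = normalise(value)
    if DOTDOT_SEGMENT.search(norm):
        return "dot-dot traversal"
    if norm.startswith("/"):
        return "absolute path"
    if "\0" in norm:
        return "embedded NUL"
    return None


def inspect_record(rec: Dict[str, str]) -> List[Dict[str, str]]:
    """Inspect one log record; only /rpc call requests are examined."""
    if rec.get("path") != "/rpc":
        return []
    try:
        body = json.loads(rec.get("body", ""))
    except json.JSONDecodeError:
        return [{"src": rec.get("src", ""), "reason": "unparseable body",
                 "value": rec.get("body", "")[:80]}]
    if not isinstance(body, dict) or body.get("method") != "call":
        return []
    findings = []
    for s in iter_strings(body.get("params")):
        reason = classify(s)
        if reason:
            findings.append({"src": rec.get("src", ""), "reason": reason, "value": s})
    return findings


def scan(records: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Run inspect_record over every record and collect the alerts in order."""
    alerts: List[Dict[str, str]] = []
    for rec in records:
        alerts.extend(inspect_record(rec))
    return alerts


if __name__ == "__main__":
    for alert in scan(SAMPLE_RECORDS):
        print(f"{alert['src']:<14} {alert['reason']:<20} {alert['value']}")
```

The absolute-path rule will be noisy on RPC methods that legitimately take full paths, so in production it should be scoped to the parameters that are expected to hold a bare name, while the dot-dot and double-encoding rules are safe to apply broadly.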