CVE-2024-45263 in MT6000

Summary

by MITRE • 10/25/2024

An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. The upload interface allows the uploading of arbitrary files to the device. Once the device executes the files, it can lead to information leakage, enabling complete control.


Analysis

by VulDB Data Team • 10/29/2024

This vulnerability affects multiple GL-iNet router models including MT6000, MT3000, MT2500, AXT1800, and AX1800 running firmware version 4.6.2. The issue stems from an insecure file upload mechanism within the device's web interface that permits unauthorized users to upload malicious files to the system. This represents a critical security flaw that can be exploited to gain complete administrative control over the affected devices.

The vulnerability stems from a lack of proper input validation and file type restrictions in the upload interface. Attackers can therefore upload arbitrary files, including scripts, binaries, or web shells, that can then be executed by the device's operating system. This weakness falls under the CWE-434 category of Unrestricted Upload of File, which is classified as a high-severity vulnerability in the Common Weakness Enumeration catalog. The vulnerability enables attackers to execute code remotely and establish persistent access to the network infrastructure.

The operational impact of this vulnerability is severe as it allows attackers to achieve complete system compromise without requiring legitimate credentials. Once exploited, adversaries can access sensitive network information, modify device configurations, monitor network traffic, and potentially use the compromised device as a pivot point for attacking other systems within the network. The vulnerability also enables information leakage through the execution of malicious code that can exfiltrate data from the device or network. This represents a significant risk to network security and can lead to data breaches, service disruption, and unauthorized access to connected systems.

Mitigation strategies should include immediate firmware updates from GL-iNet to address the vulnerability, implementing network segmentation to limit the impact of potential compromise, and deploying intrusion detection systems to monitor for suspicious file upload activities. Network administrators should also consider disabling unnecessary web interfaces, implementing strict access controls, and regularly auditing device configurations. From an ATT&CK framework perspective, this vulnerability maps to techniques such as T1566.001 (Phishing: Spearphishing Attachment) and T1059.007 (Command and Scripting Interpreter: PowerShell) as attackers may leverage the compromised device for further reconnaissance and lateral movement activities. Organizations should also implement network monitoring solutions that can detect anomalous file upload patterns and unauthorized system modifications to prevent exploitation of this vulnerability.

Responsible

MITRE

Reservation

08/25/2024

Disclosure

10/25/2024

Moderation

accepted

CPE

ready

EPSS

0.00080

KEV

no

Activities

very low
