2 matches found
CVE-2024-45261
An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. The SID generated for a specific user is not tied to that user itself, which allows other users to potentially use it for authentication. Once an attacker bypasses the application's...
CVE-2024-45261
GL.iNet devices (MT6000/MT3000/MT2500/AXT1800/AX1800) with firmware 4.6.2 have a flaw where the SID generated for a user is not bound to that user, enabling other users to reuse it for authentication and potentially escalate privileges to full control after bypassing login. Reported by multiple s...