CVE-2024-45259: n/a
An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. By intercepting an HTTP request and changing the filename property in the download interface, any file on the device can be deleted.
AI Analysis
Technical Summary
CVE-2024-45259 is a vulnerability identified in several GL-iNet router models (MT6000, MT3000, MT2500, AXT1800, AX1800) running firmware version 4.6.2. The issue arises from insufficient validation of the filename parameter in the device's HTTP download interface. An attacker capable of intercepting HTTP requests to the device can manipulate this parameter to specify arbitrary filenames, causing the device to delete any file on its filesystem. This vulnerability does not require authentication or user interaction, making it remotely exploitable by anyone with network access to the device's HTTP management interface. The vulnerability impacts the integrity of the device by allowing unauthorized deletion of files, which could include configuration files or system binaries, potentially leading to device malfunction or denial of service. The CVSS v3.1 score is 6.5 (medium severity), reflecting the attack vector as adjacent network (AV:A), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), unchanged scope (S:U), no confidentiality impact (C:N), high integrity impact (I:H), and no availability impact (A:N). No patches or exploits are currently reported, but the vulnerability represents a significant risk for devices exposed to untrusted networks. The root cause relates to CWE-326, indicating improper protection of critical files or resources. Mitigation currently relies on network segmentation and access restrictions until a firmware update is released.
Potential Impact
The primary impact of CVE-2024-45259 is on the integrity of affected GL-iNet devices. An attacker can delete arbitrary files, potentially removing critical system or configuration files, which may lead to device instability, loss of configuration, or denial of service. This could disrupt network connectivity for users relying on these devices, impacting business operations or home network security. Since the vulnerability does not affect confidentiality or availability directly, the risk is focused on device reliability and trustworthiness. Organizations using these devices in sensitive environments or as part of critical infrastructure could face operational disruptions. The ease of exploitation without authentication and user interaction increases the threat level, especially in environments where these devices are accessible from untrusted networks. The lack of known exploits in the wild suggests limited current exploitation but also indicates the need for proactive mitigation. The vulnerability could be leveraged as a stepping stone for further attacks if combined with other vulnerabilities or misconfigurations.
Mitigation Recommendations
1. Immediately restrict network access to the HTTP management interface of affected GL-iNet devices by implementing firewall rules or network segmentation to allow only trusted administrators to connect.
2. Disable remote management over HTTP or restrict it to secure channels such as VPN or SSH tunnels to prevent interception and manipulation of requests.
3. Monitor network traffic for unusual HTTP requests targeting the download interface, especially those attempting to modify filename parameters.
4. Regularly back up device configurations and critical files to enable rapid recovery if file deletion occurs.
5. Stay informed about firmware updates from GL-iNet and apply patches promptly once available to address this vulnerability.
6. Consider replacing affected devices with models that have a stronger security posture if timely patching is not feasible.
7. Employ intrusion detection systems capable of detecting anomalous HTTP requests indicative of exploitation attempts.
8. Educate network administrators about the risks of exposing device management interfaces to untrusted networks and enforce strict access controls.
Affected Countries
United States, China, Germany, United Kingdom, France, Japan, South Korea, Australia, Canada, Netherlands
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2024-08-25T00:00:00.000Z
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 699f6cecb7ef31ef0b56a3b6
Added to database: 2/25/2026, 9:43:08 PM
Last enriched: 2/28/2026, 6:56:11 AM
Last updated: 4/12/2026, 11:47:20 AM