CVE-2024-45260 is a critical authorization bypass vulnerability identified in several GL-iNet router models, specifically MT6000, MT3000, MT2500, AXT1800, and AX1800 running firmware version 4.6.2. The vulnerability stems from improper enforcement of group-based access controls, where users assigned to unauthorized groups can still invoke any device interface. This effectively allows these users to escalate privileges and gain full administrative control over the device. The issue is classified under CWE-863 (Incorrect Authorization), indicating a failure to properly verify user permissions before granting access to sensitive functions. The vulnerability has a CVSS 3.1 score of 8.0, with attack vector being adjacent network (AV:A), low attack complexity (AC:L), requiring low privileges (PR:L), no user interaction (UI:N), and impacting confidentiality, integrity, and availability (C:H/I:H/A:H). Although no known exploits have been reported in the wild, the potential for complete device takeover poses a significant risk. The lack of available patches at the time of publication increases the urgency for organizations to implement compensating controls. This vulnerability could be exploited by attackers with network access to the device, such as internal employees or malicious actors who have gained limited access, to fully compromise the router and potentially pivot into internal networks.

The impact of CVE-2024-45260 is substantial for organizations using affected GL-iNet devices. Successful exploitation grants attackers full administrative control over the router, enabling them to alter configurations, intercept or redirect network traffic, deploy malware, or create persistent backdoors. This compromises the confidentiality, integrity, and availability of network communications passing through the device. For enterprises, this could lead to data breaches, disruption of business operations, and lateral movement within internal networks. Small and medium businesses relying on these routers for secure connectivity are particularly vulnerable due to limited security monitoring. The vulnerability also poses risks to home users who may have sensitive personal data or IoT devices connected. Since the attack requires only low privileges and no user interaction, it can be executed stealthily by insiders or attackers who have gained limited network access. The absence of patches increases the window of exposure, making timely mitigation critical to prevent exploitation.

1. Immediately restrict access to the management interfaces of affected GL-iNet devices to trusted administrators only, preferably via secure management VLANs or VPNs. 2. Disable remote management features if not strictly necessary to reduce the attack surface. 3. Monitor network traffic and device logs for unusual access patterns or unauthorized interface invocations. 4. Implement network segmentation to isolate vulnerable devices from critical infrastructure and sensitive data. 5. Enforce strong authentication and authorization policies for device access, including multi-factor authentication where supported. 6. Regularly audit user group memberships on the devices to ensure no unauthorized users have elevated privileges. 7. Stay alert for official firmware updates or patches from GL-iNet and apply them promptly once available. 8. Consider deploying network intrusion detection systems (NIDS) to detect anomalous activities targeting these devices. 9. If possible, replace affected devices with models not impacted by this vulnerability or from vendors with more timely security support.