CVE-2024-45261 is a critical authentication bypass vulnerability found in several GL-iNet router models (MT6000, MT3000, MT2500, AXT1800, AX1800) running firmware version 4.6.2. The root cause is improper binding of the Session ID (SID) to the authenticated user. Normally, a SID should uniquely identify a session for a specific user, preventing reuse by others. However, in this case, the SID generation mechanism does not enforce this binding, allowing an attacker to reuse or forge valid SIDs for other users. This flaw effectively bypasses authentication controls, enabling attackers with low privileges to escalate their access rights to full administrative control over the device. The vulnerability is remotely exploitable over the network (attack vector: adjacent network) with low complexity and no user interaction required. The impact includes full compromise of device confidentiality, integrity, and availability, enabling attackers to manipulate device settings, intercept or redirect network traffic, and potentially pivot to internal networks. The vulnerability is classified under CWE-863 (Incorrect Authorization). Although no public exploits are known at this time, the high CVSS score (8.0) reflects the serious risk posed by this flaw. No patches have been linked yet, so mitigation relies on network controls and monitoring until vendor fixes are released.

The vulnerability allows attackers to bypass authentication and escalate privileges on affected GL-iNet devices, leading to full administrative control. This compromises device confidentiality, allowing exposure of sensitive configuration and network data. Integrity is impacted as attackers can alter device settings, firmware, and routing rules. Availability can be disrupted by attackers disabling or misconfiguring the device. Since these devices often serve as network gateways or Wi-Fi routers, compromise can lead to interception or redirection of network traffic, enabling further attacks on connected systems. Organizations relying on these devices for secure network access, especially in small to medium enterprises or branch offices, face significant risk of network intrusion, data theft, and lateral movement. The vulnerability’s remote exploitability and lack of user interaction requirement increase the likelihood of automated or targeted attacks once exploit code becomes available.

1. Monitor GL-iNet vendor communications closely for official patches or firmware updates addressing CVE-2024-45261 and apply them immediately upon release. 2. Until patches are available, restrict network access to affected devices by implementing strict firewall rules limiting management interface exposure to trusted networks only. 3. Employ network segmentation to isolate GL-iNet devices from critical infrastructure and sensitive data environments. 4. Enable and review device logs and network traffic monitoring to detect unusual authentication attempts or session reuse patterns indicative of SID misuse. 5. Consider deploying multi-factor authentication (MFA) if supported by the device firmware to add an additional layer of authentication security. 6. Regularly audit device configurations and user accounts to identify unauthorized changes or privilege escalations. 7. If possible, temporarily disable remote management features or restrict them to VPN access to reduce attack surface. 8. Educate network administrators on the risks and signs of exploitation related to this vulnerability to improve incident response readiness.