CVE-2024-45262 is a critical directory traversal vulnerability identified in multiple GL-iNet router models (MT6000, MT3000, MT2500, AXT1800, AX1800) running firmware version 4.6.2. The flaw resides in the /rpc endpoint's call method, specifically in the handling of the 'params' parameter. Improper validation allows attackers to traverse directories arbitrarily, bypassing intended path restrictions. This enables execution of scripts located anywhere on the device's filesystem. Since the vulnerability requires no authentication (PR:N) and no user interaction (UI:N), it can be exploited remotely by an attacker with network access to the device. The vulnerability impacts confidentiality, integrity, and availability severely, as attackers can execute arbitrary code, potentially gaining full control over the device. The CVSS score of 8.8 reflects these risks. Although no public exploits or patches are currently available, the vulnerability represents a significant risk for affected devices. The issue is classified under CWE-22, indicating a failure to properly restrict pathname inputs, a common and dangerous security flaw in web-facing interfaces.

The exploitation of CVE-2024-45262 can have severe consequences for organizations using affected GL-iNet devices. Attackers can remotely execute arbitrary scripts, leading to full device compromise. This can result in unauthorized access to network traffic, interception or manipulation of data, disruption of network services, and use of the compromised device as a pivot point for further attacks within the network. Confidentiality is at risk due to potential data leakage; integrity is compromised by unauthorized code execution and configuration changes; availability can be disrupted by malicious scripts causing device instability or denial of service. Given these devices often serve as gateways or Wi-Fi routers in enterprise, small business, or home environments, the impact can range from localized network disruption to broader organizational security breaches. The lack of authentication requirement and ease of exploitation increase the threat level, especially in environments where these devices are exposed to untrusted networks.

Organizations should immediately audit their networks to identify the presence of affected GL-iNet devices running firmware version 4.6.2. Until an official patch is released, the following mitigations are recommended: 1) Restrict network access to the /rpc endpoint by implementing firewall rules or access control lists limiting access to trusted management networks only. 2) Disable remote management features if not required, especially those exposing the /rpc endpoint to external networks. 3) Monitor device logs and network traffic for unusual activity indicative of exploitation attempts targeting the /rpc endpoint. 4) Employ network segmentation to isolate vulnerable devices from critical infrastructure. 5) Contact GL-iNet support or monitor official channels for firmware updates addressing this vulnerability and apply patches promptly once available. 6) Consider replacing affected devices with alternatives that have a stronger security track record if immediate patching is not feasible. 7) Implement intrusion detection systems (IDS) with signatures for directory traversal attempts targeting GL-iNet devices to detect exploitation attempts early.