Filtered by vendor Gl-inet
Subscribe
Total
39 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-33620 | 1 Gl-inet | 2 Gl-ar750s, Gl-ar750s Firmware | 2024-02-28 | N/A | 5.9 MEDIUM |
GL.iNET GL-AR750S-Ext firmware v3.215 uses an insecure protocol in its communications which allows attackers to eavesdrop via a man-in-the-middle attack. | |||||
CVE-2023-31477 | 1 Gl-inet | 64 Gl-a1300, Gl-a1300 Firmware, Gl-ap1300 and 61 more | 2024-02-28 | N/A | 7.5 HIGH |
A path traversal issue was discovered on GL.iNet devices before 3.216. Through the file sharing feature, it is possible to share an arbitrary directory, such as /tmp or /etc, because there is no server-side restriction to limit sharing to the USB path. | |||||
CVE-2023-31471 | 1 Gl-inet | 64 Gl-a1300, Gl-a1300 Firmware, Gl-ap1300 and 61 more | 2024-02-28 | N/A | 9.8 CRITICAL |
An issue was discovered on GL.iNet devices before 3.216. Through the software installation feature, it is possible to install arbitrary software, such as a reverse shell, because the restrictions on the available package list are limited to client-side verification. It is possible to install software from the filesystem, the package list, or a URL. | |||||
CVE-2023-29778 | 1 Gl-inet | 2 Gl-mt3000, Gl-mt3000 Firmware | 2024-02-28 | N/A | 9.8 CRITICAL |
GL.iNET MT3000 4.1.0 Release 2 is vulnerable to OS Command Injection via /usr/lib/oui-httpd/rpc/logread. | |||||
CVE-2023-24261 | 1 Gl-inet | 2 Gl-e750, Gl-e750 Firmware | 2024-02-28 | N/A | 7.2 HIGH |
A vulnerability in GL.iNET GL-E750 Mudi before firmware v3.216 allows authenticated attackers to execute arbitrary code via a crafted POST request. | |||||
CVE-2023-31473 | 1 Gl-inet | 64 Gl-a1300, Gl-a1300 Firmware, Gl-ap1300 and 61 more | 2024-02-28 | N/A | 4.9 MEDIUM |
An issue was discovered on GL.iNet devices before 3.216. There is an arbitrary file write in which an empty file can be created anywhere on the filesystem. This is caused by a command injection vulnerability with a filter applied. Through the software installation feature, it is possible to inject arbitrary parameters in a request to cause opkg to read an arbitrary file name while using root privileges. The -f option can be used with a configuration file. | |||||
CVE-2023-31475 | 1 Gl-inet | 64 Gl-a1300, Gl-a1300 Firmware, Gl-ap1300 and 61 more | 2024-02-28 | N/A | 9.8 CRITICAL |
An issue was discovered on GL.iNet devices before 3.216. The function guci2_get() found in libglutil.so has a buffer overflow when an item is requested from a UCI context, and the value is pasted into a char pointer to a buffer without checking the size of the buffer. | |||||
CVE-2023-31478 | 1 Gl-inet | 64 Gl-a1300, Gl-a1300 Firmware, Gl-ap1300 and 61 more | 2024-02-28 | N/A | 7.5 HIGH |
An issue was discovered on GL.iNet devices before 3.216. An API endpoint reveals information about the Wi-Fi configuration, including the SSID and key. | |||||
CVE-2023-31472 | 1 Gl-inet | 64 Gl-a1300, Gl-a1300 Firmware, Gl-ap1300 and 61 more | 2024-02-28 | N/A | 7.5 HIGH |
An issue was discovered on GL.iNet devices before 3.216. There is an arbitrary file write in which an empty file can be created anywhere on the filesystem. This is caused by a command injection vulnerability with a filter applied. | |||||
CVE-2022-44212 | 1 Gl-inet | 1 Goodcloud | 2024-02-28 | N/A | 5.9 MEDIUM |
In GL.iNet Goodcloud 1.0, insecure design allows remote attacker to access devices' admin panel. | |||||
CVE-2022-44211 | 1 Gl-inet | 1 Goodcloud | 2024-02-28 | N/A | 7.4 HIGH |
In GL.iNet Goodcloud 1.1 Incorrect access control allows a remote attacker to access/change devices' settings. | |||||
CVE-2022-31898 | 1 Gl-inet | 4 Gl-ax1800, Gl-ax1800 Firmware, Gl-mt300n-v2 and 1 more | 2024-02-28 | N/A | 6.8 MEDIUM |
gl-inet GL-MT300N-V2 Mango v3.212 and GL-AX1800 Flint v3.214 were discovered to contain multiple command injection vulnerabilities via the ping_addr and trace_addr function parameters. | |||||
CVE-2022-42054 | 1 Gl-inet | 1 Goodcloud | 2024-02-28 | N/A | 5.4 MEDIUM |
Multiple stored cross-site scripting (XSS) vulnerabilities in GL.iNet GoodCloud IoT Device Management System Version 1.00.220412.00 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Company Name and Description text fields. | |||||
CVE-2022-42055 | 1 Gl-inet | 1 Goodcloud | 2024-02-28 | N/A | 6.5 MEDIUM |
Multiple command injection vulnerabilities in GL.iNet GoodCloud IoT Device Management System Version 1.00.220412.00 via the ping and traceroute tools allow attackers to read arbitrary files on the system. | |||||
CVE-2021-44148 | 1 Gl-inet | 2 Gl-ar150, Gl-ar150 Firmware | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
GL.iNet GL-AR150 2.x before 3.x devices, configured as repeaters, allow cgi-bin/router_cgi?action=scanwifi XSS when an attacker creates an SSID with an XSS payload as the name. | |||||
CVE-2019-6275 | 1 Gl-inet | 2 Gl-ar300m-lite, Gl-ar300m-lite Firmware | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
Command injection vulnerability in firmware_cgi in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to execute arbitrary code. | |||||
CVE-2019-6273 | 1 Gl-inet | 2 Gl-ar300m-lite, Gl-ar300m-lite Firmware | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
download_file in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to download arbitrary files. | |||||
CVE-2019-6272 | 1 Gl-inet | 2 Gl-ar300m-lite, Gl-ar300m-lite Firmware | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
Command injection vulnerability in login_cgi in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to execute arbitrary code. | |||||
CVE-2019-6274 | 1 Gl-inet | 2 Gl-ar300m-lite, Gl-ar300m-lite Firmware | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
Directory traversal vulnerability in storage_cgi in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to have unspecified impact via directory traversal sequences. |