4 results (0.003 seconds)

CVSS: 8.8EPSS: 2%CPEs: 2EXPL: 2

Command injection vulnerability in firmware_cgi in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to execute arbitrary code. Vulnerabilidad de inyección de comandos en firmware_cgi en dispositivos GL.iNet GL-AR300M-Lite con firmware en versiones 2.27 permite que los atacantes remotos ejecuten código arbitrario. GL-AR300M-Lite version 2.27 suffers from command injection, file download, and directory traversal vulnerabilities. • https://www.exploit-db.com/exploits/46179 http://packetstormsecurity.com/files/151207/GL-AR300M-Lite-2.2.7-Command-Injection-Directory-Traversal.html • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVSS: 8.8EPSS: 1%CPEs: 2EXPL: 2

Directory traversal vulnerability in storage_cgi in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to have unspecified impact via directory traversal sequences. Vulnerabilidad de salto de directorio en storage_cgi en dispositivos GL.iNet GL-AR300M-Lite con firmware en versiones 2.27 permite que los atacantes remotos provoquen un impacto sin especificar mediante secuencias de salto de directorio. GL-AR300M-Lite version 2.27 suffers from command injection, file download, and directory traversal vulnerabilities. • https://www.exploit-db.com/exploits/46179 http://packetstormsecurity.com/files/151207/GL-AR300M-Lite-2.2.7-Command-Injection-Directory-Traversal.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 2

download_file in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to download arbitrary files. download_file en dispositivos GL.iNet GL-AR300M-Lite con firmware en versiones 2.27 permite que los atacantes remotos descarguen archivos arbitrarios. GL-AR300M-Lite version 2.27 suffers from command injection, file download, and directory traversal vulnerabilities. • https://www.exploit-db.com/exploits/46179 http://packetstormsecurity.com/files/151207/GL-AR300M-Lite-2.2.7-Command-Injection-Directory-Traversal.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 8.8EPSS: 2%CPEs: 2EXPL: 2

Command injection vulnerability in login_cgi in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to execute arbitrary code. Vulnerabilidad de inyección de comandos en login_cgi en dispositivos GL.iNet GL-AR300M-Lite con firmware en versiones 2.27 permite que los atacantes remotos ejecuten código arbitrario. GL-AR300M-Lite version 2.27 suffers from command injection, file download, and directory traversal vulnerabilities. • https://www.exploit-db.com/exploits/46179 http://packetstormsecurity.com/files/151207/GL-AR300M-Lite-2.2.7-Command-Injection-Directory-Traversal.html • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •