CVSS: 8.3EPSS: 0%CPEs: 2EXPL: 1CVE-2023-24261
https://notcve.org/view.php?id=CVE-2023-24261
21 Jun 2023 — A vulnerability in GL.iNET GL-E750 Mudi before firmware v3.216 allows authenticated attackers to execute arbitrary code via a crafted POST request. • https://justinapplegate.me/2023/glinet-CVE-2023-24261 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 6.1EPSS: 0%CPEs: 64EXPL: 1CVE-2023-31473
https://notcve.org/view.php?id=CVE-2023-31473
11 May 2023 — An issue was discovered on GL.iNet devices before 3.216. There is an arbitrary file write in which an empty file can be created anywhere on the filesystem. This is caused by a command injection vulnerability with a filter applied. Through the software installation feature, it is possible to inject arbitrary parameters in a request to cause opkg to read an arbitrary file name while using root privileges. The -f option can be used with a configuration file. • https://github.com/gl-inet/CVE-issues/blob/main/3.215/Arbitrary_File_Read.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 64EXPL: 1CVE-2023-31477
https://notcve.org/view.php?id=CVE-2023-31477
11 May 2023 — A path traversal issue was discovered on GL.iNet devices before 3.216. Through the file sharing feature, it is possible to share an arbitrary directory, such as /tmp or /etc, because there is no server-side restriction to limit sharing to the USB path. • https://github.com/gl-inet/CVE-issues/blob/main/3.215/Path_Traversal.md • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 0%CPEs: 64EXPL: 1CVE-2023-31475
https://notcve.org/view.php?id=CVE-2023-31475
11 May 2023 — An issue was discovered on GL.iNet devices before 3.216. The function guci2_get() found in libglutil.so has a buffer overflow when an item is requested from a UCI context, and the value is pasted into a char pointer to a buffer without checking the size of the buffer. • https://github.com/gl-inet/CVE-issues/blob/main/3.215/Buffer_Overflow.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 10.0EPSS: 0%CPEs: 64EXPL: 1CVE-2023-31471
https://notcve.org/view.php?id=CVE-2023-31471
10 May 2023 — An issue was discovered on GL.iNet devices before 3.216. Through the software installation feature, it is possible to install arbitrary software, such as a reverse shell, because the restrictions on the available package list are limited to client-side verification. It is possible to install software from the filesystem, the package list, or a URL. • https://github.com/gl-inet/CVE-issues/blob/main/3.215/Abuse_of_Functionality_leads_to_RCE.md •
CVSS: 7.8EPSS: 0%CPEs: 64EXPL: 1CVE-2023-31472
https://notcve.org/view.php?id=CVE-2023-31472
09 May 2023 — An issue was discovered on GL.iNet devices before 3.216. There is an arbitrary file write in which an empty file can be created anywhere on the filesystem. This is caused by a command injection vulnerability with a filter applied. • https://github.com/gl-inet/CVE-issues/blob/main/3.215/Arbitrary_File_Creation.md • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.8EPSS: 0%CPEs: 64EXPL: 1CVE-2023-31474
https://notcve.org/view.php?id=CVE-2023-31474
09 May 2023 — An issue was discovered on GL.iNet devices before 3.216. Through the software installation feature, it is possible to inject arbitrary parameters in a request to cause opkg to obtain a list of files in a specific directory, by using the regex feature in a package name. • https://github.com/gl-inet/CVE-issues/blob/main/3.215/Directory_Listing.md •
CVSS: 7.8EPSS: 0%CPEs: 64EXPL: 1CVE-2023-31478
https://notcve.org/view.php?id=CVE-2023-31478
09 May 2023 — An issue was discovered on GL.iNet devices before 3.216. An API endpoint reveals information about the Wi-Fi configuration, including the SSID and key. • https://github.com/gl-inet/CVE-issues/blob/main/3.215/SSID_Key_Disclosure.md •