CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2022-44212
https://notcve.org/view.php?id=CVE-2022-44212
In GL.iNet Goodcloud 1.0, insecure design allows remote attacker to access devices' admin panel. En GL.iNet Goodcloud 1.0, el diseño inseguro permite a un atacante remoto acceder al panel de administración de los dispositivos. • https://forum.gl-inet.com/t/security-advisories-vulnerabilities-and-cves-of-gl-inet-software/25518/2 •
CVSS: 7.4EPSS: 0%CPEs: 1EXPL: 0CVE-2022-44211
https://notcve.org/view.php?id=CVE-2022-44211
In GL.iNet Goodcloud 1.1 Incorrect access control allows a remote attacker to access/change devices' settings. En GL.iNet Goodcloud 1.1 El control de acceso incorrecto permite a un atacante remoto acceder/cambiar la configuración de los dispositivos. • https://forum.gl-inet.com/t/security-advisories-vulnerabilities-and-cves-of-gl-inet-software/25518 •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-42055
https://notcve.org/view.php?id=CVE-2022-42055
Multiple command injection vulnerabilities in GL.iNet GoodCloud IoT Device Management System Version 1.00.220412.00 via the ping and traceroute tools allow attackers to read arbitrary files on the system. Múltiples vulnerabilidades de inyección de comandos en GL.iNet GoodCloud IoT Device Management System versión 1.00.220412.00 a través de las herramientas ping y traceroute permiten a los atacantes leer archivos arbitrarios en el sistema. • https://boschko.ca/glinet-router • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2022-42054
https://notcve.org/view.php?id=CVE-2022-42054
Multiple stored cross-site scripting (XSS) vulnerabilities in GL.iNet GoodCloud IoT Device Management System Version 1.00.220412.00 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Company Name and Description text fields. Múltiples vulnerabilidades de Stored Cross-Site Scripting (XSS) en GL.iNet GoodCloud IoT Device Management System Versión 1.00.220412.00 permiten a los atacantes ejecutar scripts web o HTML arbitrarios a través de un payload manipulado inyectado en Company Name y Description text. • https://boschko.ca/glinet-router • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •