CVSS: 8.3EPSS: 0%CPEs: 24EXPL: 1CVE-2023-50922
https://notcve.org/view.php?id=CVE-2023-50922
03 Jan 2024 — An issue was discovered on GL.iNet devices through 4.5.0. Attackers who are able to steal the AdminToken cookie can execute arbitrary code by uploading a crontab-formatted file to a specific directory and waiting for its execution. This affects A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000 4.4.6, MT2500 4.4.6, MT6000 4.5.0, MT1300 4.3.7, MT300N-V2 4.3.7, AR750S 4.3.7, AR750 4.3.7, AR300M 4.3.7, and B1300 4.3.7. Se descubrió un problema en dispositivos GL.iNet hasta 4.5.0. Los atacantes que pueden robar l... • https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Remote%20code%20execution%20due%20to%20gl_crontabs.md • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 0%CPEs: 24EXPL: 0CVE-2023-50921
https://notcve.org/view.php?id=CVE-2023-50921
03 Jan 2024 — An issue was discovered on GL.iNet devices through 4.5.0. Attackers can invoke the add_user interface in the system module to gain root privileges. This affects A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000 4.4.6, MT2500 4.4.6, MT6000 4.5.0, MT1300 4.3.7, MT300N-V2 4.3.7, AR750S 4.3.7, AR750 4.3.7, AR300M 4.3.7, and B1300 4.3.7. Se descubrió un problema en dispositivos GL.iNet hasta 4.5.0. Los atacantes pueden invocar la interfaz add_user en el módulo de system para obtener privilegios de root. • https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Add_user_vulnerability.md •
CVSS: 7.8EPSS: 0%CPEs: 24EXPL: 1CVE-2023-50445 – GL.iNet Unauthenticated Remote Command Execution
https://notcve.org/view.php?id=CVE-2023-50445
28 Dec 2023 — Shell Injection vulnerability GL.iNet A1300 v4.4.6, AX1800 v4.4.6, AXT1800 v4.4.6, MT3000 v4.4.6, MT2500 v4.4.6, MT6000 v4.5.0, MT1300 v4.3.7, MT300N-V2 v4.3.7, AR750S v4.3.7, AR750 v4.3.7, AR300M v4.3.7, and B1300 v4.3.7., allows local attackers to execute arbitrary code via the get_system_log and get_crash_log functions of the logread module, as well as the upgrade_online function of the upgrade module. Vulnerabilidad de inyección de Shell GL.iNet A1300 v4.4.6 AX1800 v4.4.6 AXT1800 v4.4.6 MT3000 v4.4.6 MT... • http://packetstormsecurity.com/files/176708/GL.iNet-Unauthenticated-Remote-Command-Execution.html • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 6.1EPSS: 0%CPEs: 64EXPL: 1CVE-2023-31473
https://notcve.org/view.php?id=CVE-2023-31473
11 May 2023 — An issue was discovered on GL.iNet devices before 3.216. There is an arbitrary file write in which an empty file can be created anywhere on the filesystem. This is caused by a command injection vulnerability with a filter applied. Through the software installation feature, it is possible to inject arbitrary parameters in a request to cause opkg to read an arbitrary file name while using root privileges. The -f option can be used with a configuration file. • https://github.com/gl-inet/CVE-issues/blob/main/3.215/Arbitrary_File_Read.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 64EXPL: 1CVE-2023-31477
https://notcve.org/view.php?id=CVE-2023-31477
11 May 2023 — A path traversal issue was discovered on GL.iNet devices before 3.216. Through the file sharing feature, it is possible to share an arbitrary directory, such as /tmp or /etc, because there is no server-side restriction to limit sharing to the USB path. • https://github.com/gl-inet/CVE-issues/blob/main/3.215/Path_Traversal.md • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 0%CPEs: 64EXPL: 1CVE-2023-31475
https://notcve.org/view.php?id=CVE-2023-31475
11 May 2023 — An issue was discovered on GL.iNet devices before 3.216. The function guci2_get() found in libglutil.so has a buffer overflow when an item is requested from a UCI context, and the value is pasted into a char pointer to a buffer without checking the size of the buffer. • https://github.com/gl-inet/CVE-issues/blob/main/3.215/Buffer_Overflow.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 10.0EPSS: 0%CPEs: 64EXPL: 1CVE-2023-31471
https://notcve.org/view.php?id=CVE-2023-31471
10 May 2023 — An issue was discovered on GL.iNet devices before 3.216. Through the software installation feature, it is possible to install arbitrary software, such as a reverse shell, because the restrictions on the available package list are limited to client-side verification. It is possible to install software from the filesystem, the package list, or a URL. • https://github.com/gl-inet/CVE-issues/blob/main/3.215/Abuse_of_Functionality_leads_to_RCE.md •
CVSS: 7.8EPSS: 0%CPEs: 64EXPL: 1CVE-2023-31472
https://notcve.org/view.php?id=CVE-2023-31472
09 May 2023 — An issue was discovered on GL.iNet devices before 3.216. There is an arbitrary file write in which an empty file can be created anywhere on the filesystem. This is caused by a command injection vulnerability with a filter applied. • https://github.com/gl-inet/CVE-issues/blob/main/3.215/Arbitrary_File_Creation.md • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.8EPSS: 0%CPEs: 64EXPL: 1CVE-2023-31474
https://notcve.org/view.php?id=CVE-2023-31474
09 May 2023 — An issue was discovered on GL.iNet devices before 3.216. Through the software installation feature, it is possible to inject arbitrary parameters in a request to cause opkg to obtain a list of files in a specific directory, by using the regex feature in a package name. • https://github.com/gl-inet/CVE-issues/blob/main/3.215/Directory_Listing.md •
CVSS: 7.8EPSS: 0%CPEs: 64EXPL: 1CVE-2023-31478
https://notcve.org/view.php?id=CVE-2023-31478
09 May 2023 — An issue was discovered on GL.iNet devices before 3.216. An API endpoint reveals information about the Wi-Fi configuration, including the SSID and key. • https://github.com/gl-inet/CVE-issues/blob/main/3.215/SSID_Key_Disclosure.md •