CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-46454 – GL.iNet AR300M 4.3.7 Remote Code Execution
https://notcve.org/view.php?id=CVE-2023-46454
In GL.iNET GL-AR300M routers with firmware v4.3.7, it is possible to inject arbitrary shell commands through a crafted package name in the package information functionality. En los routers GL.iNET GL-AR300M con firmware v4.3.7, es posible inyectar comandos de shell arbitrarios a través de un nombre de paquete manipulado en la funcionalidad de información del paquete. GL.iNet AR300M versions 4.3.7 and below suffer from an OpenVPN client related remote code execution vulnerability. • https://cyberaz0r.info/2023/11/glinet-multiple-vulnerabilities • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-46455 – GL.iNet AR300M 4.3.7 Arbitrary File Write
https://notcve.org/view.php?id=CVE-2023-46455
In GL.iNET GL-AR300M routers with firmware v4.3.7 it is possible to write arbitrary files through a path traversal attack in the OpenVPN client file upload functionality. En los routers GL.iNET GL-AR300M con firmware v4.3.7 es posible escribir archivos arbitrarios mediante un ataque de path traversal en la funcionalidad de carga de archivos del cliente OpenVPN. GL.iNet AR300M versions 4.3.7 and below suffer from an arbitrary file writing vulnerability. • https://cyberaz0r.info/2023/11/glinet-multiple-vulnerabilities https://www.gl-inet.com • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-46456 – GL.iNet AR300M 3.216 Remote Code Execution
https://notcve.org/view.php?id=CVE-2023-46456
In GL.iNET GL-AR300M routers with firmware 3.216 it is possible to inject arbitrary shell commands through the OpenVPN client file upload functionality. En los routers GL.iNET GL-AR300M con firmware 3.216 es posible inyectar comandos de shell arbitrarios a través de la funcionalidad de carga de archivos del cliente OpenVPN. GL.iNet AR300M versions 3.216 and below suffer from an OpenVPN client related remote code execution vulnerability. • https://cyberaz0r.info/2023/11/glinet-multiple-vulnerabilities https://www.gl-inet.com • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-47463
https://notcve.org/view.php?id=CVE-2023-47463
Insecure Permissions vulnerability in GL.iNet AX1800 version 4.0.0 before 4.5.0 allows a remote attacker to execute arbitrary code via a crafted script to the gl_nas_sys authentication function. Vulnerabilidad de permisos inseguros en GL.iNet AX1800 versión 4.0.0 anterior a 4.5.0 permite a un atacante remoto ejecutar código arbitrario a través de un script manipulado para la función de autenticación gl_nas_sys. • https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/an%20unauthenticated%20remote%20code%20execution.md • CWE-281: Improper Preservation of Permissions •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 2CVE-2023-47464
https://notcve.org/view.php?id=CVE-2023-47464
Insecure Permissions vulnerability in GL.iNet AX1800 version 4.0.0 before 4.5.0 allows a remote attacker to execute arbitrary code via the upload API function. Vulnerabilidad de permisos inseguros en GL.iNet AX1800 versión 4.0.0 anterior a 4.5.0 permite a un atacante remoto ejecutar código arbitrario a través de la función de carga API. • https://github.com/HadessCS/CVE-2023-47464 https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Arbitrary%20File%20Creation%20Through%20API%20upload.md • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •