CVE-2023-47462
https://notcve.org/view.php?id=CVE-2023-47462
Insecure Permissions vulnerability in GL.iNet AX1800 v.3.215 and before allows a remote attacker to execute arbitrary code via the file sharing function. • https://github.com/gl-inet/CVE-issues/blob/main/3.215/Arbitrary%20File%20Read%20through%20file%20share.md • CWE-276: Incorrect Default Permissions •
CVE-2023-24261
https://notcve.org/view.php?id=CVE-2023-24261
A vulnerability in GL.iNET GL-E750 Mudi before firmware v3.216 allows authenticated attackers to execute arbitrary code via a crafted POST request. • https://justinapplegate.me/2023/glinet-CVE-2023-24261 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2023-33620
https://notcve.org/view.php?id=CVE-2023-33620
GL.iNET GL-AR750S-Ext firmware v3.215 uses an insecure protocol in its communications which allows attackers to eavesdrop via a man-in-the-middle attack. • http://gl-ar750s-ext.com http://glinet.com https://justinapplegate.me/2023/glinet-CVE-2023-33620 • CWE-522: Insufficiently Protected Credentials •
CVE-2023-33621
https://notcve.org/view.php?id=CVE-2023-33621
GL.iNET GL-AR750S-Ext firmware v3.215 inserts the admin authentication token into a GET request when the OpenVPN Server config file is downloaded. The token is then left in the browser history or access logs, potentially allowing attackers to bypass authentication via session replay. • http://gl-ar750s-ext.com http://glinet.com https://justinapplegate.me/2023/glinet-CVE-2023-33621 • CWE-294: Authentication Bypass by Capture-replay •
CVE-2023-31475
https://notcve.org/view.php?id=CVE-2023-31475
An issue was discovered on GL.iNet devices before 3.216. The function guci2_get() found in libglutil.so has a buffer overflow when an item is requested from a UCI context, and the value is pasted into a char pointer to a buffer without checking the size of the buffer. • https://github.com/gl-inet/CVE-issues/blob/main/3.215/Buffer_Overflow.md https://justinapplegate.me/2023/glinet-CVE-2023-31475 https://www.gl-inet.com • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •