CVSS: 7.8EPSS: 0%CPEs: 64EXPL: 1CVE-2023-31474
https://notcve.org/view.php?id=CVE-2023-31474
09 May 2023 — An issue was discovered on GL.iNet devices before 3.216. Through the software installation feature, it is possible to inject arbitrary parameters in a request to cause opkg to obtain a list of files in a specific directory, by using the regex feature in a package name. • https://github.com/gl-inet/CVE-issues/blob/main/3.215/Directory_Listing.md •
CVSS: 7.8EPSS: 0%CPEs: 64EXPL: 1CVE-2023-31478
https://notcve.org/view.php?id=CVE-2023-31478
09 May 2023 — An issue was discovered on GL.iNet devices before 3.216. An API endpoint reveals information about the Wi-Fi configuration, including the SSID and key. • https://github.com/gl-inet/CVE-issues/blob/main/3.215/SSID_Key_Disclosure.md •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 2CVE-2019-6274 – GL-AR300M-Lite 2.27 - (Authenticated) Command Injection / Arbitrary File Download / Directory Traversal
https://notcve.org/view.php?id=CVE-2019-6274
16 Jan 2019 — Directory traversal vulnerability in storage_cgi in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to have unspecified impact via directory traversal sequences. Vulnerabilidad de salto de directorio en storage_cgi en dispositivos GL.iNet GL-AR300M-Lite con firmware en versiones 2.27 permite que los atacantes remotos provoquen un impacto sin especificar mediante secuencias de salto de directorio. GL-AR300M-Lite version 2.27 suffers from command injection, file download, and directo... • https://www.exploit-db.com/exploits/46179 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 2CVE-2019-6273 – GL-AR300M-Lite 2.27 - (Authenticated) Command Injection / Arbitrary File Download / Directory Traversal
https://notcve.org/view.php?id=CVE-2019-6273
16 Jan 2019 — download_file in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to download arbitrary files. download_file en dispositivos GL.iNet GL-AR300M-Lite con firmware en versiones 2.27 permite que los atacantes remotos descarguen archivos arbitrarios. GL-AR300M-Lite version 2.27 suffers from command injection, file download, and directory traversal vulnerabilities. • https://www.exploit-db.com/exploits/46179 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.8EPSS: 4%CPEs: 2EXPL: 2CVE-2019-6272 – GL-AR300M-Lite 2.27 - (Authenticated) Command Injection / Arbitrary File Download / Directory Traversal
https://notcve.org/view.php?id=CVE-2019-6272
16 Jan 2019 — Command injection vulnerability in login_cgi in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to execute arbitrary code. Vulnerabilidad de inyección de comandos en login_cgi en dispositivos GL.iNet GL-AR300M-Lite con firmware en versiones 2.27 permite que los atacantes remotos ejecuten código arbitrario. GL-AR300M-Lite version 2.27 suffers from command injection, file download, and directory traversal vulnerabilities. • https://www.exploit-db.com/exploits/46179 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 8.8EPSS: 4%CPEs: 2EXPL: 2CVE-2019-6275 – GL-AR300M-Lite 2.27 - (Authenticated) Command Injection / Arbitrary File Download / Directory Traversal
https://notcve.org/view.php?id=CVE-2019-6275
16 Jan 2019 — Command injection vulnerability in firmware_cgi in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to execute arbitrary code. Vulnerabilidad de inyección de comandos en firmware_cgi en dispositivos GL.iNet GL-AR300M-Lite con firmware en versiones 2.27 permite que los atacantes remotos ejecuten código arbitrario. GL-AR300M-Lite version 2.27 suffers from command injection, file download, and directory traversal vulnerabilities. • https://www.exploit-db.com/exploits/46179 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •