Page 3 of 12 results (0.002 seconds)

CVSS: 7.5EPSS: 0%CPEs: 64EXPL: 1

An issue was discovered on GL.iNet devices before 3.216. There is an arbitrary file write in which an empty file can be created anywhere on the filesystem. This is caused by a command injection vulnerability with a filter applied. • https://github.com/gl-inet/CVE-issues/blob/main/3.215/Arbitrary_File_Creation.md https://www.gl-inet.com • CWE-770: Allocation of Resources Without Limits or Throttling •

CVSS: 7.5EPSS: 0%CPEs: 64EXPL: 1

An issue was discovered on GL.iNet devices before 3.216. Through the software installation feature, it is possible to inject arbitrary parameters in a request to cause opkg to obtain a list of files in a specific directory, by using the regex feature in a package name. • https://github.com/gl-inet/CVE-issues/blob/main/3.215/Directory_Listing.md https://www.gl-inet.com •