CVE-2023-29778
https://notcve.org/view.php?id=CVE-2023-29778
02 May 2023 — GL.iNET MT3000 4.1.0 Release 2 is vulnerable to OS Command Injection via /usr/lib/oui-httpd/rpc/logread. • http://glinet.com • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2022-44211
https://notcve.org/view.php?id=CVE-2022-44211
01 Dec 2022 — In GL.iNet Goodcloud 1.1, incorrect access control allows a remote attacker to access/change devices' settings. • https://forum.gl-inet.com/t/security-advisories-vulnerabilities-and-cves-of-gl-inet-software/25518 •
CVE-2022-44212
https://notcve.org/view.php?id=CVE-2022-44212
01 Dec 2022 — In GL.iNet Goodcloud 1.0, insecure design allows a remote attacker to access devices' admin panel. • https://forum.gl-inet.com/t/security-advisories-vulnerabilities-and-cves-of-gl-inet-software/25518/2 •
CVE-2022-42055
https://notcve.org/view.php?id=CVE-2022-42055
27 Oct 2022 — Multiple command injection vulnerabilities in GL.iNet GoodCloud IoT Device Management System Version 1.00.220412.00 via the ping and traceroute tools allow attackers to read arbitrary files on the system. • https://boschko.ca/glinet-router • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2022-31898
https://notcve.org/view.php?id=CVE-2022-31898
27 Oct 2022 — gl-inet GL-MT300N-V2 Mango v3.212 and GL-AX1800 Flint v3.214 were discovered to contain multiple command injection vulnerabilities via the ping_addr and trace_addr function parameters. • https://github.com/gigaryte/cve-2022-31898 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2022-42054
https://notcve.org/view.php?id=CVE-2022-42054
27 Oct 2022 — Multiple stored cross-site scripting (XSS) vulnerabilities in GL.iNet GoodCloud IoT Device Management System Version 1.00.220412.00 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Company Name and Description text fields. • https://boschko.ca/glinet-router • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2021-44148
https://notcve.org/view.php?id=CVE-2021-44148
07 Dec 2021 — GL.iNet GL-AR150 2.x before 3.x devices, configured as repeaters, allow cgi-bin/router_cgi?action=scanwifi XSS when an attacker creates an SSID with an XSS payload as the name. • https://beaugraham.com/CVE-2021-44148-xss.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2019-6274 – GL-AR300M-Lite 2.27 - (Authenticated) Command Injection / Arbitrary File Download / Directory Traversal
https://notcve.org/view.php?id=CVE-2019-6274
16 Jan 2019 — Directory traversal vulnerability in storage_cgi in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to have unspecified impact via directory traversal sequences. GL-AR300M-Lite version 2.27 suffers from command injection, file download, and directo... • https://www.exploit-db.com/exploits/46179 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2019-6273 – GL-AR300M-Lite 2.27 - (Authenticated) Command Injection / Arbitrary File Download / Directory Traversal
https://notcve.org/view.php?id=CVE-2019-6273
16 Jan 2019 — download_file in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to download arbitrary files. GL-AR300M-Lite version 2.27 suffers from command injection, file download, and directory traversal vulnerabilities. • https://www.exploit-db.com/exploits/46179 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2019-6272 – GL-AR300M-Lite 2.27 - (Authenticated) Command Injection / Arbitrary File Download / Directory Traversal
https://notcve.org/view.php?id=CVE-2019-6272
16 Jan 2019 — Command injection vulnerability in login_cgi in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to execute arbitrary code. GL-AR300M-Lite version 2.27 suffers from command injection, file download, and directory traversal vulnerabilities. • https://www.exploit-db.com/exploits/46179 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •