CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 1CVE-2023-31476
https://notcve.org/view.php?id=CVE-2023-31476
An issue was discovered on GL.iNet devices running firmware before 3.216. There is an arbitrary file write in which an empty file can be created almost anywhere on the filesystem, as long as the filename and path is no more than 6 characters (the working directory is /www). • https://github.com/gl-inet/CVE-issues/blob/main/3.215/GL-MV1000_Arbitrary_File_Creation.md https://www.gl-inet.com • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.5EPSS: 0%CPEs: 64EXPL: 1CVE-2023-31474
https://notcve.org/view.php?id=CVE-2023-31474
An issue was discovered on GL.iNet devices before 3.216. Through the software installation feature, it is possible to inject arbitrary parameters in a request to cause opkg to obtain a list of files in a specific directory, by using the regex feature in a package name. • https://github.com/gl-inet/CVE-issues/blob/main/3.215/Directory_Listing.md https://www.gl-inet.com •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-29778
https://notcve.org/view.php?id=CVE-2023-29778
GL.iNET MT3000 4.1.0 Release 2 is vulnerable to OS Command Injection via /usr/lib/oui-httpd/rpc/logread. • http://glinet.com https://github.com/OlivierLaflamme/cve/blob/main/GL.iNET/MT3000/get_nginx_log_RCE.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2022-44212
https://notcve.org/view.php?id=CVE-2022-44212
In GL.iNet Goodcloud 1.0, insecure design allows remote attacker to access devices' admin panel. En GL.iNet Goodcloud 1.0, el diseño inseguro permite a un atacante remoto acceder al panel de administración de los dispositivos. • https://forum.gl-inet.com/t/security-advisories-vulnerabilities-and-cves-of-gl-inet-software/25518/2 •
CVSS: 7.4EPSS: 0%CPEs: 1EXPL: 0CVE-2022-44211
https://notcve.org/view.php?id=CVE-2022-44211
In GL.iNet Goodcloud 1.1 Incorrect access control allows a remote attacker to access/change devices' settings. En GL.iNet Goodcloud 1.1 El control de acceso incorrecto permite a un atacante remoto acceder/cambiar la configuración de los dispositivos. • https://forum.gl-inet.com/t/security-advisories-vulnerabilities-and-cves-of-gl-inet-software/25518 •