CVSS: 6.8EPSS: 0%CPEs: 4EXPL: 1CVE-2022-31898
https://notcve.org/view.php?id=CVE-2022-31898
gl-inet GL-MT300N-V2 Mango v3.212 and GL-AX1800 Flint v3.214 were discovered to contain multiple command injection vulnerabilities via the ping_addr and trace_addr function parameters. Se descubrió que gl-inet GL-MT300N-V2 Mango v3.212 y GL-AX1800 Flint v3.214 contienen múltiples vulnerabilidades de inyección de comandos a través de los parámetros de función ping_addr y trace_addr. • https://boschko.ca/glinet-router • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-42055
https://notcve.org/view.php?id=CVE-2022-42055
Multiple command injection vulnerabilities in GL.iNet GoodCloud IoT Device Management System Version 1.00.220412.00 via the ping and traceroute tools allow attackers to read arbitrary files on the system. Múltiples vulnerabilidades de inyección de comandos en GL.iNet GoodCloud IoT Device Management System versión 1.00.220412.00 a través de las herramientas ping y traceroute permiten a los atacantes leer archivos arbitrarios en el sistema. • https://boschko.ca/glinet-router • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2022-42054
https://notcve.org/view.php?id=CVE-2022-42054
Multiple stored cross-site scripting (XSS) vulnerabilities in GL.iNet GoodCloud IoT Device Management System Version 1.00.220412.00 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Company Name and Description text fields. Múltiples vulnerabilidades de Stored Cross-Site Scripting (XSS) en GL.iNet GoodCloud IoT Device Management System Versión 1.00.220412.00 permiten a los atacantes ejecutar scripts web o HTML arbitrarios a través de un payload manipulado inyectado en Company Name y Description text. • https://boschko.ca/glinet-router • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 1CVE-2021-44148
https://notcve.org/view.php?id=CVE-2021-44148
GL.iNet GL-AR150 2.x before 3.x devices, configured as repeaters, allow cgi-bin/router_cgi?action=scanwifi XSS when an attacker creates an SSID with an XSS payload as the name. Los dispositivos GL.iNet GL-AR150 versiones 2.x anteriores a 3.x, configurados como repetidores, permiten el cgi-bin/router_cgi?action=scanwifi XSS cuando un atacante crea un SSID con una carga útil de tipo XSS como nombre • https://beaugraham.com/CVE-2021-44148-xss.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 2%CPEs: 2EXPL: 2CVE-2019-6275 – GL-AR300M-Lite 2.27 - (Authenticated) Command Injection / Arbitrary File Download / Directory Traversal
https://notcve.org/view.php?id=CVE-2019-6275
Command injection vulnerability in firmware_cgi in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to execute arbitrary code. Vulnerabilidad de inyección de comandos en firmware_cgi en dispositivos GL.iNet GL-AR300M-Lite con firmware en versiones 2.27 permite que los atacantes remotos ejecuten código arbitrario. GL-AR300M-Lite version 2.27 suffers from command injection, file download, and directory traversal vulnerabilities. • https://www.exploit-db.com/exploits/46179 http://packetstormsecurity.com/files/151207/GL-AR300M-Lite-2.2.7-Command-Injection-Directory-Traversal.html • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •