CVSS: 10.0EPSS: 0%CPEs: 49EXPL: 0CVE-2024-39227
https://notcve.org/view.php?id=CVE-2024-39227
06 Aug 2024 — GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain a shell injection vulnerability via the interface check_ovpn_client_config. GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and... • http://ar750ar750sar300mar300m16mt300n-v2b1300mt1300sft1200x750.com • CWE-75: Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) •
CVSS: 10.0EPSS: 0%CPEs: 29EXPL: 0CVE-2024-39228
https://notcve.org/view.php?id=CVE-2024-39228
06 Aug 2024 — GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, XE3000/X3000 v4, and B2200/MV1000/MV1000W/USB150/N300/SF1200 v3.216 were discovered to contain a shell injection vulnerability via the interface check_config. GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 ... • http://ar750ar750sar300mar300m16mt300n-v2b1300mt1300sft1200x750.com • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 6.1EPSS: 0%CPEs: 64EXPL: 1CVE-2023-31473
https://notcve.org/view.php?id=CVE-2023-31473
11 May 2023 — An issue was discovered on GL.iNet devices before 3.216. There is an arbitrary file write in which an empty file can be created anywhere on the filesystem. This is caused by a command injection vulnerability with a filter applied. Through the software installation feature, it is possible to inject arbitrary parameters in a request to cause opkg to read an arbitrary file name while using root privileges. The -f option can be used with a configuration file. • https://github.com/gl-inet/CVE-issues/blob/main/3.215/Arbitrary_File_Read.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 64EXPL: 1CVE-2023-31477
https://notcve.org/view.php?id=CVE-2023-31477
11 May 2023 — A path traversal issue was discovered on GL.iNet devices before 3.216. Through the file sharing feature, it is possible to share an arbitrary directory, such as /tmp or /etc, because there is no server-side restriction to limit sharing to the USB path. • https://github.com/gl-inet/CVE-issues/blob/main/3.215/Path_Traversal.md • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 0%CPEs: 64EXPL: 1CVE-2023-31475
https://notcve.org/view.php?id=CVE-2023-31475
11 May 2023 — An issue was discovered on GL.iNet devices before 3.216. The function guci2_get() found in libglutil.so has a buffer overflow when an item is requested from a UCI context, and the value is pasted into a char pointer to a buffer without checking the size of the buffer. • https://github.com/gl-inet/CVE-issues/blob/main/3.215/Buffer_Overflow.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 10.0EPSS: 0%CPEs: 64EXPL: 1CVE-2023-31471
https://notcve.org/view.php?id=CVE-2023-31471
10 May 2023 — An issue was discovered on GL.iNet devices before 3.216. Through the software installation feature, it is possible to install arbitrary software, such as a reverse shell, because the restrictions on the available package list are limited to client-side verification. It is possible to install software from the filesystem, the package list, or a URL. • https://github.com/gl-inet/CVE-issues/blob/main/3.215/Abuse_of_Functionality_leads_to_RCE.md •
CVSS: 7.8EPSS: 0%CPEs: 64EXPL: 1CVE-2023-31472
https://notcve.org/view.php?id=CVE-2023-31472
09 May 2023 — An issue was discovered on GL.iNet devices before 3.216. There is an arbitrary file write in which an empty file can be created anywhere on the filesystem. This is caused by a command injection vulnerability with a filter applied. • https://github.com/gl-inet/CVE-issues/blob/main/3.215/Arbitrary_File_Creation.md • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.8EPSS: 0%CPEs: 64EXPL: 1CVE-2023-31474
https://notcve.org/view.php?id=CVE-2023-31474
09 May 2023 — An issue was discovered on GL.iNet devices before 3.216. Through the software installation feature, it is possible to inject arbitrary parameters in a request to cause opkg to obtain a list of files in a specific directory, by using the regex feature in a package name. • https://github.com/gl-inet/CVE-issues/blob/main/3.215/Directory_Listing.md •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1CVE-2023-31476
https://notcve.org/view.php?id=CVE-2023-31476
09 May 2023 — An issue was discovered on GL.iNet devices running firmware before 3.216. There is an arbitrary file write in which an empty file can be created almost anywhere on the filesystem, as long as the filename and path is no more than 6 characters (the working directory is /www). • https://github.com/gl-inet/CVE-issues/blob/main/3.215/GL-MV1000_Arbitrary_File_Creation.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 64EXPL: 1CVE-2023-31478
https://notcve.org/view.php?id=CVE-2023-31478
09 May 2023 — An issue was discovered on GL.iNet devices before 3.216. An API endpoint reveals information about the Wi-Fi configuration, including the SSID and key. • https://github.com/gl-inet/CVE-issues/blob/main/3.215/SSID_Key_Disclosure.md •