6 matches found
CVE-2025-25684
A lack of validation in the path parameter /download of GL-INet Beryl AX GL-MT3000 v4.7.0 allows attackers to download arbitrary files from the device's file system via a crafted POST request...
CVE-2025-25684
creationtimestamp| type| source ---|---|--- 2025-03-17 19:08:45+00:00| seen| https://t.me/cvedetector/20493 2025-03-19 20:18:18+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/8147...
CVE-2025-25684
A lack of validation in the path parameter /download of GL-INet Beryl AX GL-MT3000 v4.7.0 allows attackers to download arbitrary files from the device's file system via a crafted POST request...
CVE-2025-25684
A lack of validation in the path parameter /download of GL-INet Beryl AX GL-MT3000 v4.7.0 allows attackers to download arbitrary files from the device's file system via a crafted POST request...
CVE-2025-25684
CVE-2025-25684 affects GL.iNet Beryl AX GL-MT3000 (v4.7.0). A lack of validation in the /download path permits arbitrary file download from the device via a crafted POST request. Public references in the dataset confirm the vulnerability class as a path-traversal-like flaw enabling access to the ...
CVE-2025-25684
A lack of validation in the path parameter /download of GL-INet Beryl AX GL-MT3000 v4.7.0 allows attackers to download arbitrary files from the device's file system via a crafted POST request...