296 matches found
CVE-2025-25684
A lack of validation in the path parameter /download of GL-INet Beryl AX GL-MT3000 v4.7.0 allows attackers to download arbitrary files from the device's file system via a crafted POST request...
CVE-2025-25685
An issue was discovered in GL-INet Beryl AX GL-MT3000 v4.7.0. Attackers are able to download arbitrary files from the device's file system via adding symbolic links on an external drive used as a samba share...
CVE-2025-25685
CVE-2025-25685 affects GL.iNet Beryl AX GL-MT3000 (v4.7.0). The issue allows attackers to download arbitrary files from the device’s filesystem by adding symbolic links on an external drive that is exposed as a Samba share. Root cause described is related to the handling of symbolic links on the ...
CVE-2025-25684
A lack of validation in the path parameter /download of GL-INet Beryl AX GL-MT3000 v4.7.0 allows attackers to download arbitrary files from the device's file system via a crafted POST request...
CVE-2025-25684
CVE-2025-25684 affects GL.iNet Beryl AX GL-MT3000 (v4.7.0). A lack of validation in the /download path permits arbitrary file download from the device via a crafted POST request. Public references in the dataset confirm the vulnerability class as a path-traversal-like flaw enabling access to the ...
CVE-2025-25685
An issue was discovered in GL-INet Beryl AX GL-MT3000 v4.7.0. Attackers are able to download arbitrary files from the device's file system via adding symbolic links on an external drive used as a samba share...
GL.iNet Beryl AX GL-MT3000 安全漏洞
GL.iNet Beryl AX GL-MT3000 is a portable WiFi 6 router from China's Guanglian Zhitong GL.iNet. It is used to provide network connectivity and supports 2.5G network ports and a variety of features. A security vulnerability exists in GL.iNet Beryl AX GL-MT3000 version v4.7.0, which stems from...
CVE-2024-45263
An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. The upload interface allows the uploading of arbitrary files to the device. Once the device executes the files, it can lead to information leakage, enabling complete control...
CVE-2024-45261
An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. The SID generated for a specific user is not tied to that user itself, which allows other users to potentially use it for authentication. Once an attacker bypasses the application's...
CVE-2024-45263
An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. The upload interface allows the uploading of arbitrary files to the device. Once the device executes the files, it can lead to information leakage, enabling complete control...
CVE-2024-45262
An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. The params parameter in the call method of the /rpc endpoint is vulnerable to arbitrary directory traversal, which enables attackers to execute scripts under any path...
CVE-2024-45261
An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. The SID generated for a specific user is not tied to that user itself, which allows other users to potentially use it for authentication. Once an attacker bypasses the application's...
CVE-2024-45260
An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. Users who belong to unauthorized groups can invoke any interface of the device, thereby gaining complete control over it...
CVE-2024-45260
An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. Users who belong to unauthorized groups can invoke any interface of the device, thereby gaining complete control over it...
CVE-2024-45259
An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. By intercepting an HTTP request and changing the filename property in the download interface, any file on the device can be deleted...
CVE-2024-45259
An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. By intercepting an HTTP request and changing the filename property in the download interface, any file on the device can be deleted...
CVE-2024-45263
An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. The upload interface allows the uploading of arbitrary files to the device. Once the device executes the files, it can lead to information leakage, enabling complete control...
CVE-2024-45259
An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. By intercepting an HTTP request and changing the filename property in the download interface, any file on the device can be deleted...
CVE-2024-45260
CVE-2024-45260 affects GL.iNet devices (MT6000, MT3000, MT2500, AXT1800, AX1800) running version 4.6.2. The issue allows users in unauthorized groups to invoke any interface of the device, leading to full control. Provided sources consistently describe the affected models and version, but do not ...
CVE-2024-45262
An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. The params parameter in the call method of the /rpc endpoint is vulnerable to arbitrary directory traversal, which enables attackers to execute scripts under any path...