296 matches found
CVE-2024-45263
CVE-2024-45263 affects GL.iNet devices: MT6000, MT3000, MT2500, AXT1800, and AX1800 (firmware 4.6.2). The upload interface accepts arbitrary files; when executed by the device, this can cause information leakage and give an attacker complete control. No mitigations or patches are provided in the ...
CVE-2024-45260
CVE-2024-45260 affects GL.iNet devices (MT6000, MT3000, MT2500, AXT1800, AX1800) running version 4.6.2. The issue allows users in unauthorized groups to invoke any interface of the device, leading to full control. Provided sources consistently describe the affected models and version, but do not ...
PT-2024-31519 · Gl.Inet · Gl-Inet Mt6000 +3
Name of the Vulnerable Software and Affected Versions: GL-iNet MT6000 version 4.6.2 GL-iNet MT3000 version 4.6.2 GL-iNet MT2500 version 4.6.2 GL-iNet AXT1800 version 4.6.2 GL-iNet AX1800 version 4.6.2 Description: An issue was discovered on certain GL-iNet devices. The params parameter in the cal...
GL.iNet多款产品 安全漏洞
GL.iNet MT3000 and others are products of China's GL.iNet GL.iNet.GL.iNet MT3000 is an AX3000 portable router that uses the Wi-Fi 6 protocol.GL.iNet AX1800 is a wireless router.GL.iNet AXT1800 is a router. A security vulnerability exists in several GL.iNet products. An attacker exploiting this...
CVE-2024-45260
An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. Users who belong to unauthorized groups can invoke any interface of the device, thereby gaining complete control over it...
CVE-2024-45262
An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. The params parameter in the call method of the /rpc endpoint is vulnerable to arbitrary directory traversal, which enables attackers to execute scripts under any path...
CVE-2024-45261
GL.iNet devices (MT6000/MT3000/MT2500/AXT1800/AX1800) with firmware 4.6.2 have a flaw where the SID generated for a user is not bound to that user, enabling other users to reuse it for authentication and potentially escalate privileges to full control after bypassing login. Reported by multiple s...
CVE-2024-45261
An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. The SID generated for a specific user is not tied to that user itself, which allows other users to potentially use it for authentication. Once an attacker bypasses the application's...
GL.iNet多款产品 安全漏洞
GL.iNet MT3000 and others are products of GL.iNet China.GL.iNet MT3000 is an AX3000 portable router using Wi-Fi 6 protocol.GL.iNet MT2500 is a router.GL.iNet MT6000 is a router.GL.iNet MT6000 is a router. A security vulnerability exists in several GL.iNet products. An attacker could exploit the...
GL.iNet多款产品 安全漏洞
GL.iNet AX1800 and others are products of China Guanglian Zhitong GL.iNet company.GL.iNet AX1800 is a wireless router.GL.iNet AXT1800 is a router.GL.iNet MT6000 is a router.GL.iNet AXT1800 is a router.GL.iNet MT6000 is a router.GL.iNet MT6000 is a router. A security vulnerability exists in severa...
CVE-2024-45259
An issue in GL.iNet devices (MT6000, MT3000, MT2500, AXT1800, AX1800) running 4.6.2 allows deletion of any file via the download interface by intercepting an HTTP request and altering the filename property. The root cause is manipulation of the filename parameter in the download flow, leading to ...
GL.iNet多款产品 安全漏洞
GL.iNet MT3000 and others are products of China's GL.iNet GL.iNet.GL.iNet MT3000 is an AX3000 portable router that uses the Wi-Fi 6 protocol.GL.iNet AXT1800 is a router.GL.iNet MT2500 is a router.GL.iNet AXT1800 is a router.GL.iNet AXT1800 is a router.GL.iNet MT2500 is a router.GL.iNet MT2500 is ...
CVE-2024-45263
An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. The upload interface allows the uploading of arbitrary files to the device. Once the device executes the files, it can lead to information leakage, enabling complete control...
CVE-2024-45261
An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. The SID generated for a specific user is not tied to that user itself, which allows other users to potentially use it for authentication. Once an attacker bypasses the application's...
CVE-2024-45259
An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. By intercepting an HTTP request and changing the filename property in the download interface, any file on the device can be deleted...
CVE-2024-45262
GL-iNet devices affected (MT6000, MT3000, MT2500, AXT1800, AX1800) on version 4.6.2 have a vulnerability in the /rpc call where the params parameter allows arbitrary directory traversal, enabling script execution under arbitrary paths. Affected components: the /rpc endpoint’s params parameter. Im...
CVE-2024-28077
A denial-of-service issue was discovered on certain GL-iNet devices. Some websites can detect devices exposed to the external network through DDNS, and consequently obtain the IP addresses and ports of devices that are exposed. By using special usernames and special characters such as half...
CVE-2024-28077
A denial-of-service issue was discovered on certain GL-iNet devices. Some websites can detect devices exposed to the external network through DDNS, and consequently obtain the IP addresses and ports of devices that are exposed. By using special usernames and special characters such as half...
CVE-2024-28077
A denial-of-service issue was discovered on certain GL-iNet devices. Some websites can detect devices exposed to the external network through DDNS, and consequently obtain the IP addresses and ports of devices that are exposed. By using special usernames and special characters such as half...
CVE-2024-28077
The CVE-2024-28077 issue is a denial-of-service affecting multiple GL.iNet devices (e.g., MT6000, XE3000, X3000, MT3000, MT2500, AXT1800, AX1800, A1300, S200, X750, SFT1200, MT1300, AR750/AR750S/AR300M/AR300M16, B1300, MT300N-V2, XE300) across listed firmware versions. The root cause is that the ...