296 matches found
CVE-2024-39227
CVE-2024-39227 affects GL.iNet routers (AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11; MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16; XE300 v4.3.16; E750 v4.3.12; AP1300/S1300 v4.3.13; XE3000/X3000 v4.4). An insecure permission issue in endpoint /cgi-bin/glc allows u...
CVE-2024-39225
GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain a remote code execution RCE vulnerability...
CVE-2024-39227
GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain insecure permissions in the endpoint /cgi-bin/glc. This...
CVE-2024-39226
GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain a vulnerability can be exploited to manipulate routers b...
CVE-2024-39228
GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain a shell injection vulnerability via the interface...
CVE-2024-39229
GL.iNet device family including AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.x, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.x, XE300, E750, AP1300/S1300, XE3000/X3000, B2200/MV1000/MV1000W/USB150/N300/SF1200 (and related variants) are documented as having a vulnerability ...
CVE-2024-39226
GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain a vulnerability can be exploited to manipulate routers b...
CVE-2024-39229
An issue in GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, XE3000/X3000 v4, and B2200/MV1000/MV1000W/USB150/N300/SF1200 v3.216 allows attackers to...
PT-2024-28398 · Gl.Inet · X750 +19
Name of the Vulnerable Software and Affected Versions: GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 version 4.3.11 GL-iNet products MT3000/MT2500/AXT1800/AX1800/A1300/X300B version 4.5.16 GL-iNet products XE300 version 4.3.16 GL-iNet products E750 version 4.3....
CVE-2024-39226
CVE-2024-39226 affects a broad set of GL.iNet routers (AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750, MT3000/MT2500/AXT1800/AX1800/A1300/X300B, XE300/E750/AP1300/S1300, XE3000/X3000) with firmware versions ranging from 4.3.11 to 4.4. The vulnerability allows manipulating router...
The vulnerability of the administrator panel of GL.iNet microprogramming software allows a intruder to gain unauthorized access to protected information and upload arbitrary files.
The vulnerability of the administrator panel of GL.iNet microprogramming software is related to the use of an unreliable search path during the export of logs. Exploiting this vulnerability can allow a malicious actor to gain unauthorized access to protected information and upload arbitrary files...
GL-iNet MT6000 4.5.5 Arbitrary File Download
Exploit Title: GL-iNet MT6000 4.5.5 - Arbitrary File Download CVE: CVE-2024-27356 Google Dork: intitle:"GL.iNet Admin Panel" Date: 2/26/2024 Exploit Author: Bandar Alharbi aggressor Vendor Homepage: www.gl-inet.com Tested Software Link:...
GL-iNet MT6000 4.5.5 - Arbitrary File Download
Exploit Title: GL-iNet MT6000 4.5.5 - Arbitrary File Download CVE: CVE-2024-27356 Google Dork: intitle:"GL.iNet Admin Panel" Date: 2/26/2024 Exploit Author: Bandar Alharbi aggressor Vendor Homepage: www.gl-inet.com Tested Software Link:...
GL.iNet MT6000 4.5.5 - Arbitrary File Download Exploit
Exploit Title: GL-iNet MT6000 4.5.5 - Arbitrary File Download CVE: CVE-2024-27356 Google Dork: intitle:"GL.iNet Admin Panel" Exploit Author: Bandar Alharbi aggressor Vendor Homepage: www.gl-inet.com Tested Software Link:...
The vulnerability of the microprogramming software of the GL.iNet GL-A1300, GL-AX1800, GL-AXT1800, GL-MT3000, GL-MT2500, GL-MT6000, GL-MT1300, GL-MT300N-V2, GL-AR750S, GL-AR750, and GL-AR300M routers relates to the bypassing of authentication processes, allowing an intruder to gain unauthorized access to the router’s web interface.
The vulnerability of the microprogramming software of the GL.iNet GL-A1300, GL-AX1800, GL-AXT1800, GL-MT3000, GL-MT2500, GL-MT6000, GL-MT1300, GL-MT300N-V2, GL-AR750S, GL-AR750, GL-AR300M, and GL-B1300 lies in their ability to bypass authentication. Exploiting this vulnerability can allow an...
GL.iNet Router Security Vulnerability
GL.iNet Router is a series of routers from China's Guanglian Zhitong GL.iNet. A security vulnerability exists in the GL.iNet Router 4.x firmware version, which originated from a vulnerability that allows an attacker to bypass authentication and gain access to the router's web interface...
The vulnerability of the `get_system_log` and `get_crash_log` functions in the logread module of the GL.iNet router microprogramming solutions (GL.iNet A1300, AX1800, AXT1800, MT3000, MT2500, MT6000, MT1300, MT300N-V2, AR750S, AR750, AR300M, B1300) allows a attacker to execute arbitrary code.
The vulnerability of the getsystemlog and getcrashlog functions in the logread module of the GL.iNet routers A1300, AX1800, AXT1800, MT3000, MT2500, MT6000, MT1300, MT300N-V2, AR750S, AR750, AR300M, B1300 exists due to the lack of measures to neutralize special elements used in the operating syst...
CVE-2024-27356
An issue was discovered on certain GL-iNet devices. Attackers can download files such as logs via commands, potentially obtaining critical user information. This affects MT6000 4.5.5, XE3000 4.4.4, X3000 4.4.5, MT3000 4.5.0, MT2500 4.5.0, AXT1800 4.5.0, AX1800 4.5.0, A1300 4.5.0, S200 4.1.4-0300,...
Code injection
An issue was discovered on certain GL-iNet devices. Attackers can download files such as logs via commands, potentially obtaining critical user information. This affects MT6000 4.5.5, XE3000 4.4.4, X3000 4.4.5, MT3000 4.5.0, MT2500 4.5.0, AXT1800 4.5.0, AX1800 4.5.0, A1300 4.5.0, S200 4.1.4-0300,...
EUVD-2024-24560
An issue was discovered on certain GL-iNet devices. Attackers can download files such as logs via commands, potentially obtaining critical user information. This affects MT6000 4.5.5, XE3000 4.4.4, X3000 4.4.5, MT3000 4.5.0, MT2500 4.5.0, AXT1800 4.5.0, AX1800 4.5.0, A1300 4.5.0, S200 4.1.4-0300,...