GL.iNet GL-AR300M Security Vulnerability

GL.iNet GL-AR300M is a modern mini smart router from China's GL.iNet. A security vulnerability exists in the GL.iNET GL-AR300M v4.3.7, which stems from the presence of a path traversal vulnerability that allows an attacker to write arbitrary files via the file upload function of the OpenVPN clien...

GL.iNet GL-AR300M Security Vulnerability

GL.iNet GL-AR300M is a modern mini smart router from China's GL.iNet. A security vulnerability exists in the GL.iNet GL-AR300M version 3.216, which originated from a vulnerability that allows attackers to inject arbitrary shell commands via the file upload function of the OpenVPN client...

Exploit for OS Command Injection in Gl-Inet Gl-Ar300M_Firmware

GL.iNet Multiple Vulnerabilities This repository contains the...

PT-2023-30033 · Gl.Inet · Gl-Ar300M

Name of the Vulnerable Software and Affected Versions: GL.iNET GL-AR300M version 4.3.7 Description: The issue allows an attacker to write arbitrary files through a path traversal attack in the OpenVPN client file upload functionality. This can potentially lead to unauthorized access and...

PT-2023-30034 · Gl.Inet · Gl-Ar300M

Name of the Vulnerable Software and Affected Versions: GL.iNET GL-AR300M version 3.216 Description: The issue allows for the injection of arbitrary shell commands through the OpenVPN client file upload functionality. This can potentially lead to remote code execution. Recommendations: For version...

CVE-2023-47464

Insecure Permissions vulnerability in GL.iNet AX1800 version 4.0.0 before 4.5.0 allows a remote attacker to execute arbitrary code via the upload API function...

CVE-2023-47463

Insecure Permissions vulnerability in GL.iNet AX1800 version 4.0.0 before 4.5.0 allows a remote attacker to execute arbitrary code via a crafted script to the glnassys authentication function...

GL.iNet AX1800 Security Vulnerability

The GL.iNet AX1800 is a wireless router from China's Guanglian Zhitong GL.iNet. A security vulnerability exists in the GL.iNet AX1800 version 4.0.0 prior to 4.5.0, which originated from a vulnerability that allows attackers to execute arbitrary code via the upload API function...

PT-2023-30460 · Gl.Inet · Gl-Inet Ax1800

Name of the Vulnerable Software and Affected Versions: GL.iNet AX1800 versions 4.0.0 through 4.4.x Description: The issue allows a remote attacker to execute arbitrary code via a crafted script to the gl nas sys authentication function. This enables the attacker to potentially gain unauthorized...

PT-2023-30459 · Gl.Inet · Gl-Inet Ax1800

Name of the Vulnerable Software and Affected Versions: GL.iNet AX1800 versions 3.215 and before Description: The issue allows a remote attacker to execute arbitrary code via the file sharing function. This is due to an Insecure Permissions vulnerability. Recommendations: For versions 3.215 and...

PT-2023-19503 · Gl.Inet · Gl-E750 Mudi

Name of the Vulnerable Software and Affected Versions: GL.iNET GL-E750 Mudi versions prior to v3.216 Description: A vulnerability in the software allows authenticated attackers to execute arbitrary code via a crafted POST request. Recommendations: For versions prior to v3.216, update to firmware...

CVE-2023-33620

GL.iNET GL-AR750S-Ext firmware v3.215 uses an insecure protocol in its communications which allows attackers to eavesdrop via a man-in-the-middle attack...

CVE-2023-33620

GL.iNET GL-AR750S-Ext firmware v3.215 uses an insecure protocol in its communications which allows attackers to eavesdrop via a man-in-the-middle attack...

GL.iNet GL-AR750S-Ext 安全漏洞

The GL.iNet GL-AR750S-Ext is a wireless router from China's Guanglian Zhitong GL.iNet. A security vulnerability exists in the GL.iNet GL-AR750S-Ext version 3.215, which originates from the insertion of an administrator authentication token into a GET request when downloading the OpenVPN server...

GL.iNet GL-AR750S-Ext 安全漏洞

The GL.iNet GL-AR750S-Ext is a wireless router from China's GL.iNet. A security vulnerability exists in the GL.iNet GL-AR750S-Ext version 3.215. An attacker exploited the vulnerability to eavesdrop on communications via a man-in-the-middle attack...

PT-2023-24408 · Gl.Inet · Gl-Ar750S-Ext

Name of the Vulnerable Software and Affected Versions: GL.iNET GL-AR750S-Ext firmware version 3.215 Description: The issue concerns the insertion of the admin authentication token into a GET request when the OpenVPN Server config file is downloaded. This token is then left in the browser history ...

CVE-2023-31477

A path traversal issue was discovered on GL.iNet devices before 3.216. Through the file sharing feature, it is possible to share an arbitrary directory, such as /tmp or /etc, because there is no server-side restriction to limit sharing to the USB path...

GL.iNet devices 路径遍历漏洞

GL.iNet devices are a series of hardware devices from China's Guanglian Zhitong GL.iNet company. A path traversal vulnerability exists in GL.iNet devices prior to version 3.216, which can be exploited to allow arbitrary files to be shared in arbitrary folders...

GL.iNet devices 命令注入漏洞

GL.iNet devices are a series of hardware devices from China's Guanglian Zhitong GL.iNet company. A command injection vulnerability exists in GL.iNet devices prior to version 3.216, which originates from allowing an empty file to be created anywhere on the file system. An attacker could use this...

GL.iNet devices 安全漏洞

GL.iNet devices are a series of hardware devices from China's Guanglian Zhitong GL.iNet company. A security vulnerability exists in GL.iNet devices prior to version 3.216 that stems from a buffer overflow issue...