PT-2023-23350 · Gl.Inet · Gl.Inet

Name of the Vulnerable Software and Affected Versions: GL.iNet devices versions prior to 3.216 Description: An issue was discovered that allows the installation of arbitrary software, such as a reverse shell, through the software installation feature. This is possible because the restrictions on...

CVE-2023-31472

An issue was discovered on GL.iNet devices before 3.216. There is an arbitrary file write in which an empty file can be created anywhere on the filesystem. This is caused by a command injection vulnerability with a filter applied...

CVE-2023-31476

An issue was discovered on GL.iNet devices running firmware before 3.216. There is an arbitrary file write in which an empty file can be created almost anywhere on the filesystem, as long as the filename and path is no more than 6 characters the working directory is /www...

GL.iNet devices 安全漏洞

GL.iNet devices are a series of hardware devices from China's Guanglian Zhitong GL.iNet company. A security vulnerability exists in GL.iNet devices prior to version 3.216, which stems from an arbitrary file write vulnerability that can create an empty file anywhere on the file system...

GL.iNet devices 安全漏洞

GL.iNet devices are a series of hardware devices from China's Guanglian Zhitong GL.iNet company. A security vulnerability exists in GL.iNet devices prior to version 3.216, which stems from an API endpoint displaying information about the Wi-Fi configuration, including the SSID and key...

CVE-2023-29778

GL.iNET MT3000 4.1.0 Release 2 is vulnerable to OS Command Injection via /usr/lib/oui-httpd/rpc/logread...

GL.iNet MT3000 操作系统命令注入漏洞

The GL.iNet MT3000 is an AX3000 portable router using the Wi-Fi 6 protocol from China's GL.iNet. An operating system command injection vulnerability exists in the GL.iNet MT3000 version 4.1.0, which stems from the presence of operating system command injection...

PT-2022-27143 · Gl.Inet · Gl.Inet Goodcloud

Name of the Vulnerable Software and Affected Versions: GL.iNet Goodcloud version 1.0 Description: The issue is related to an insecure design in the software, which allows a remote attacker to access the devices' admin panel. Recommendations: For GL.iNet Goodcloud version 1.0, consider restricting...

GL.iNet GoodCloud 安全漏洞

GL.iNet GoodCloud is an IoT device management system from China's Guanglian Zhitong GL.iNet. A security vulnerability exists in GL.iNet GoodCloud version 1.0. An attacker can access the device's management panel by exploiting the vulnerability...

Exploit for OS Command Injection in Gl-Inet Gl-Mt300N-V2_Firmware

cve-2022-31898 Exploit POC code for CVE-2022-31898, a command...

CVE-2022-31898

CVE-2022-31898 affects GL.iNet GL-MT300N-V2 Mango (v3.212) and GL-AX1800 Flint (v3.214). The issue is described as multiple command-injection vulnerabilities exploitable via the ping_addr and trace_addr parameters. Reported impact in the CVE metrics indicates high confidentiality, integrity, and ...

PT-2022-26225 · Gl.Inet · Gl.Inet Goodcloud Iot Device Management System

Name of the Vulnerable Software and Affected Versions: GL.iNet GoodCloud IoT Device Management System version 1.00.220412.00 Description: The issue concerns command injection vulnerabilities in the ping and traceroute tools of the system, allowing attackers to read arbitrary files on the system...

PT-2022-20978 · Gl.Inet · Gl-Inet Gl-Ax1800 Flint +1

Name of the Vulnerable Software and Affected Versions: gl-inet GL-MT300N-V2 Mango version 3.212 gl-inet GL-AX1800 Flint version 3.214 Description: The issue concerns command injection vulnerabilities. These vulnerabilities can be exploited via the ping addr and trace addr function parameters...

CVE-2021-44148

GL.iNet GL-AR150 2.x before 3.x devices, configured as repeaters, allow cgi-bin/routercgi?action=scanwifi XSS when an attacker creates an SSID with an XSS payload as the name...

CVE-2019-6273

downloadfile in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to download arbitrary files...

GL-AR300M-Lite 2.27 - (Authenticated) Command Injection / Arbitrary File Download / Directory Traversal

Exploit Title: GL-AR300M-Lite Authenticated Command injection - Arbitrary file download - Directory Traversal Date: 15/1/2019 Exploit Author: Pasquale Turi aka boombyte Vendor Homepage: https://www.gl-inet.com/ Software Link: https://www.gl-inet.com/products/gl-ar300m/ Version: Firmware version...