CVE-2022-31898

CVE-2022-31898 affects GL.iNet GL-MT300N-V2 Mango (v3.212) and GL-AX1800 Flint (v3.214). The issue is described as multiple command-injection vulnerabilities exploitable via the ping_addr and trace_addr parameters. Reported impact in the CVE metrics indicates high confidentiality, integrity, and ...

PT-2022-20978 · Gl.Inet · Gl-Inet Gl-Ax1800 Flint +1

Name of the Vulnerable Software and Affected Versions: gl-inet GL-MT300N-V2 Mango version 3.212 gl-inet GL-AX1800 Flint version 3.214 Description: The issue concerns command injection vulnerabilities. These vulnerabilities can be exploited via the ping addr and trace addr function parameters...

PT-2022-26225 · Gl.Inet · Gl.Inet Goodcloud Iot Device Management System

Name of the Vulnerable Software and Affected Versions: GL.iNet GoodCloud IoT Device Management System version 1.00.220412.00 Description: The issue concerns command injection vulnerabilities in the ping and traceroute tools of the system, allowing attackers to read arbitrary files on the system...

CVE-2021-44148

GL.iNet GL-AR150 2.x before 3.x devices, configured as repeaters, allow cgi-bin/routercgi?action=scanwifi XSS when an attacker creates an SSID with an XSS payload as the name...

CVE-2019-6273

downloadfile in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to download arbitrary files...

GL-AR300M-Lite 2.27 - (Authenticated) Command Injection / Arbitrary File Download / Directory Traversal

Exploit Title: GL-AR300M-Lite Authenticated Command injection - Arbitrary file download - Directory Traversal Date: 15/1/2019 Exploit Author: Pasquale Turi aka boombyte Vendor Homepage: https://www.gl-inet.com/ Software Link: https://www.gl-inet.com/products/gl-ar300m/ Version: Firmware version...