Lucene search
K

307 matches found

Positive Technologies
Positive Technologies
added 2026/06/07 12:0 a.m.23 views

PT-2026-47169

A weakness has been identified in GL.iNet GL-MT3000 up to 4.4.5. The affected element is the function realpath of the file /rpc of the component Minidlna Service. This manipulation of the argument kube. set causes command injection. The attack is possible to be carried out remotely. Upgrading to...

5.8CVSS5.1AI score0.01582EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/07 12:0 a.m.20 views

PT-2026-47171

A vulnerability was detected in GL.iNet GL-MT3000 4.4.5. This affects the function dlopen in the library /usr/lib/oui-httpd/rpc/ of the component Path Normalization Handler. Performing a manipulation of the argument dev name results in command injection. It is possible to initiate the attack...

7.5CVSS7.1AI score0.01572EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/06/07 12:0 a.m.20 views

PT-2026-47175

A vulnerability has been found in GL.iNet GL-MT3000 up to 4.4.5. Affected is the function FUN 0042e200 of the file /cgi-bin/glc of the component SET USER PWD Handler. The manipulation of the argument Password leads to command injection. The attack can be initiated remotely. Upgrading to version...

7.5CVSS6.8AI score0.01681EPSS
Exploits1References6
CNNVD
CNNVD
added 2026/06/07 12:0 a.m.10 views

GL.iNet GL-MT3000 命令注入漏洞

GL.iNet GL-MT3000 is a portable travel router from the company GL.iNet, which supports Wi-Fi 6 and VPN functions. Versions of GL.iNet GL-MT3000 with a version number of 4.4.5 or earlier have a command injection vulnerability. This vulnerability stems from the incorrect handling of the parameter...

7.5CVSS7.3AI score0.01681EPSS
Exploits1References6
CNNVD
CNNVD
added 2026/06/07 12:0 a.m.10 views

GL.iNet GL-MT3000 命令注入漏洞

GL.iNet GL-MT3000 is a portable travel router from the company GL.iNet, which supports Wi-Fi 6 and VPN functions. Versions of GL.iNet GL-MT3000 with a version number up to 4.4.5 have a command injection vulnerability. This vulnerability stems from an incorrect operation of the parameter ‘device’ ...

6.5CVSS6.5AI score0.01073EPSS
Exploits0References5
NVD
NVD
added 2026/06/06 10:16 a.m.15 views

CVE-2026-11406

A vulnerability was determined in GL.iNet MT3000 up to 4.4.5. This vulnerability affects unknown code of the file ovpnclient.sh of the component OpenVPN Client Import Workflow. This manipulation causes command injection. Remote exploitation of the attack is possible. The exploit has been publicly...

6.5CVSS0.0123EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/06/06 9:15 a.m.13 views

CVE-2026-11406

A vulnerability was determined in GL.iNet MT3000 up to 4.4.5. This vulnerability affects unknown code of the file ovpnclient.sh of the component OpenVPN Client Import Workflow. This manipulation causes command injection. Remote exploitation of the attack is possible. The exploit has been publicly...

6.5CVSS6.2AI score0.0123EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2026/06/06 9:15 a.m.39 views

CVE-2026-11406 GL.iNet MT3000 OpenVPN Client Import Workflow ovpnclient.sh command injection

A vulnerability was determined in GL.iNet MT3000 up to 4.4.5. This vulnerability affects unknown code of the file ovpnclient.sh of the component OpenVPN Client Import Workflow. This manipulation causes command injection. Remote exploitation of the attack is possible. The exploit has been publicly...

6.5CVSS0.0123EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/05 7:58 p.m.11 views

CVE-2023-46453

Certain GL.iNet devices with 4.x firmware allow authentication bypass resulting in administrative control of the device via a username that is both a valid SQL statement and a valid regular expression. For example, this affects version 4.3.7 on GL-MT3000 GL-AR300M GL-B1300 GL-AX1800 GL-AR750S...

9.8CVSS5.6AI score0.00764EPSS
Exploits3References1
EUVD
EUVD
added 2026/05/08 9:31 a.m.14 views

EUVD-2023-50669

Certain GL.iNet devices with 4.x firmware allow authentication bypass resulting in administrative control of the device via a username that is both a valid SQL statement and a valid regular expression. For example, this affects version 4.3.7 on GL-MT3000 GL-AR300M GL-B1300 GL-AX1800 GL-AR750S...

9.8CVSS5.9AI score0.00764EPSS
Exploits3References2
NVD
NVD
added 2026/05/08 7:16 a.m.23 views

CVE-2023-46453

Certain GL.iNet devices with 4.x firmware allow authentication bypass resulting in administrative control of the device via a username that is both a valid SQL statement and a valid regular expression. For example, this affects version 4.3.7 on GL-MT3000 GL-AR300M GL-B1300 GL-AX1800 GL-AR750S...

9.8CVSS0.00764EPSS
Exploits3References1
Cvelist
Cvelist
added 2026/05/08 12:0 a.m.43 views

CVE-2023-46453

Certain GL.iNet devices with 4.x firmware allow authentication bypass resulting in administrative control of the device via a username that is both a valid SQL statement and a valid regular expression. For example, this affects version 4.3.7 on GL-MT3000 GL-AR300M GL-B1300 GL-AX1800 GL-AR750S...

0.00764EPSS
Exploits3References1
ATTACKERKB
ATTACKERKB
added 2026/05/08 12:0 a.m.8 views

CVE-2023-46453

Certain GL.iNet devices with 4.x firmware allow authentication bypass resulting in administrative control of the device via a username that is both a valid SQL statement and a valid regular expression. For example, this affects version 4.3.7 on GL-MT3000 GL-AR300M GL-B1300 GL-AX1800 GL-AR750S...

5.9AI score0.00764EPSS
Exploits3References2
Vulnrichment
Vulnrichment
added 2026/05/08 12:0 a.m.8 views

CVE-2023-46453

Certain GL.iNet devices with 4.x firmware allow authentication bypass resulting in administrative control of the device via a username that is both a valid SQL statement and a valid regular expression. For example, this affects version 4.3.7 on GL-MT3000 GL-AR300M GL-B1300 GL-AX1800 GL-AR750S...

5.9AI score0.00764EPSS
Exploits3References1
RedhatCVE
RedhatCVE
added 2026/04/14 1:22 a.m.8 views

CVE-2026-5959

A security flaw has been discovered in GL.iNet GL-RM1, GL-RM10, GL-RM10RC and GL-RM1PE 1.8.1. Affected by this issue is some unknown functionality of the component Factory Reset Handler. Performing a manipulation results in improper authentication. The attack can be initiated remotely. The...

7.5CVSS5.1AI score0.00509EPSS
Exploits0References1
NVD
NVD
added 2026/04/09 3:16 p.m.6 views

CVE-2026-5959

A security flaw has been discovered in GL.iNet GL-RM1, GL-RM10, GL-RM10RC and GL-RM1PE 1.8.1. Affected by this issue is some unknown functionality of the component Factory Reset Handler. Performing a manipulation results in improper authentication. The attack can be initiated remotely. The...

7.5CVSS0.00509EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/04/09 2:30 p.m.4 views

CVE-2026-5959 GL.iNet GL-RM1/GL-RM10/GL-RM10RC/GL-RM1PE Factory Reset improper authentication

A security flaw has been discovered in GL.iNet GL-RM1, GL-RM10, GL-RM10RC and GL-RM1PE 1.8.1. Affected by this issue is some unknown functionality of the component Factory Reset Handler. Performing a manipulation results in improper authentication. The attack can be initiated remotely. The...

7.5CVSS5.1AI score0.00509EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/04/09 2:30 p.m.5 views

CVE-2026-5959

A security flaw has been discovered in GL.iNet GL-RM1, GL-RM10, GL-RM10RC and GL-RM1PE 1.8.1. Affected by this issue is some unknown functionality of the component Factory Reset Handler. Performing a manipulation results in improper authentication. The attack can be initiated remotely. The...

7.5CVSS6AI score0.00509EPSS
Exploits0References6Affected Software4
Cvelist
Cvelist
added 2026/04/09 2:30 p.m.22 views

CVE-2026-5959 GL.iNet GL-RM1/GL-RM10/GL-RM10RC/GL-RM1PE Factory Reset improper authentication

A security flaw has been discovered in GL.iNet GL-RM1, GL-RM10, GL-RM10RC and GL-RM1PE 1.8.1. Affected by this issue is some unknown functionality of the component Factory Reset Handler. Performing a manipulation results in improper authentication. The attack can be initiated remotely. The...

7.5CVSS0.00509EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/03/26 3:14 p.m.4 views

CVE-2026-26793

GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulnerability via the setconfig function. This vulnerability allows attackers to execute arbitrary commands via a crafted input...

9.8CVSS6.1AI score0.02266EPSS
Exploits1References1
Rows per page
Query Builder