CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

228 matches found

EUVD-2026-34963

A vulnerability was determined in GL.iNet MT3000 up to 4.4.5. This vulnerability affects unknown code of the file ovpnclient.sh of the component OpenVPN Client Import Workflow. This manipulation causes command injection. Remote exploitation of the attack is possible. The exploit has been publicly...

6.5CVSS6.2AI score

Exploits0References6

CVE•added 3 hours ago•12 views

CVE-2026-11406

GL.iNet MT3000 (up to firmware 4.4.5) is affected by a command-injection vulnerability in the ovpnclient.sh component of the OpenVPN Client Import Workflow. Remote exploitation is possible; exploit details have been publicly disclosed. Upgrading to 4.9.0_beta3-1012-0513-1778656146 resolves the is...

6.5CVSS6.3AI score

Exploits0References6

Nuclei•added 10 hours ago•21 views

GL.iNet <= 4.3.7 - Arbitrary File Write

GL.iNet = 4.3.7 is vulnerable to an arbitrary file write exploit, allowing an attacker to overwrite arbitrary system files. id: CVE-2023-46455 info: name: GL.iNet = 4.3.7 - Arbitrary File Write author: Zierax severity: high description: | GL.iNet = 4.3.7 is vulnerable to an arbitrary file write...

7.5CVSS7.3AI score0.40108EPSS

Exploits4References2

Positive Technologies•added 13 hours ago•6 views

PT-2026-47149

6.5CVSS6.2AI score

Exploits0References7

Positive Technologies•added 2026/04/09 12:0 a.m.•3 views

PT-2026-31635

A security flaw has been discovered in GL.iNet GL-RM1, GL-RM10, GL-RM10RC and GL-RM1PE 1.8.1. Affected by this issue is some unknown functionality of the component Factory Reset Handler. Performing a manipulation results in improper authentication. The attack can be initiated remotely. The...

7.5CVSS5.2AI score0.00149EPSS

Exploits0References6

GithubExploit•added 2026/03/10 4:1 p.m.•100 views

Exploit for OS Command Injection in Gl-Inet Gl-Mt300N-V2_Firmware

GL-InjectoR: CVE-2022-31898 Authenticated Command Injection in...

6.8CVSS5.8AI score0.15024EPSS

Exploits4

RedhatCVE•added 2026/01/09 12:37 p.m.•8 views

CVE-2023-50922

An issue was discovered on GL.iNet devices through 4.5.0. Attackers who are able to steal the AdminToken cookie can execute arbitrary code by uploading a crontab-formatted file to a specific directory and waiting for its execution. This affects A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000...

7.2CVSS8AI score0.00077EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 12:37 p.m.•8 views

CVE-2023-50445

Shell Injection vulnerability GL.iNet A1300 v4.4.6, AX1800 v4.4.6, AXT1800 v4.4.6, MT3000 v4.4.6, MT2500 v4.4.6, MT6000 v4.5.0, MT1300 v4.3.7, MT300N-V2 v4.3.7, AR750S v4.3.7, AR750 v4.3.7, AR300M v4.3.7, and B1300 v4.3.7., allows local attackers to execute arbitrary code via the getsystemlog and...

7.8CVSS7.9AI score0.03125EPSS

Exploits4References1

RedhatCVE•added 2026/01/09 12:34 p.m.•2 views

CVE-2023-31477

A path traversal issue was discovered on GL.iNet devices before 3.216. Through the file sharing feature, it is possible to share an arbitrary directory, such as /tmp or /etc, because there is no server-side restriction to limit sharing to the USB path...

7.5CVSS7AI score0.00428EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 12:33 p.m.•6 views

CVE-2023-31478

An issue was discovered on GL.iNet devices before 3.216. An API endpoint reveals information about the Wi-Fi configuration, including the SSID and key...

7.5CVSS6.7AI score0.85907EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 12:32 p.m.•3 views

CVE-2023-31474

An issue was discovered on GL.iNet devices before 3.216. Through the software installation feature, it is possible to inject arbitrary parameters in a request to cause opkg to obtain a list of files in a specific directory, by using the regex feature in a package name...

7.5CVSS6.9AI score0.00322EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 10:52 a.m.•4 views

CVE-2022-42054

Multiple stored cross-site scripting XSS vulnerabilities in GL.iNet GoodCloud IoT Device Management System Version 1.00.220412.00 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Company Name and Description text fields...

5.4CVSS5.9AI score0.00323EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 10:51 a.m.•9 views

CVE-2022-42055

Multiple command injection vulnerabilities in GL.iNet GoodCloud IoT Device Management System Version 1.00.220412.00 via the ping and traceroute tools allow attackers to read arbitrary files on the system...

6.5CVSS7.7AI score0.0711EPSS

Exploits1References1

Positive Technologies•added 2026/01/08 12:0 a.m.•5 views

PT-2026-1872

Name of the Vulnerable Software and Affected Versions GL.Inet GL.Inet AX1800 versions 4.6.4 and 4.6.8 Description An issue exists in the GL.iNet custom opkg wrapper script located at /usr/libexec/opkg-call within the GL.Inet AX1800. The script operates with root privileges when activated through...

6.5CVSS6.7AI score0.00046EPSS

Exploits1References7

CNNVD•added 2026/01/08 12:0 a.m.•1 views

GL.iNet AX1800 安全漏洞

The GL.iNet AX1800 is a wireless router from China's Guanglian Zhitong GL.iNet. A security vulnerability exists in the GL.iNet AX1800 version 4.6.4 and 4.6.8, which stems from a competing condition in the opkg wrapper script that could lead to elevated privileges...

6.5CVSS6.7AI score0.00046EPSS

Exploits1References3

Talos Blog•added 2025/11/26 6:36 p.m.•9 views

Dell ControlVault, Lasso, GL.iNet vulnerabilities

Cisco Talos' Vulnerability Discovery & Research team recently disclosed five vulnerabilities in Dell ControlVault 3 firmware and its associated Windows software, four vulnerabilities in Entr'ouvert Lasso, and one vulnerability in GL.iNet Slate AX. The vulnerabilities mentioned in this blog post...

9.8CVSS8.9AI score0.00174EPSS

Exploits4

EUVD•added 2025/10/07 12:30 a.m.•4 views

EUVD-2019-15839

Malware in sbrugna...

6.5CVSS6.9AI score0.07156EPSS

Exploits4References4

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2019-15838

Malware in sbrugna...

8.8CVSS8.8AI score0.05288EPSS

Exploits4References4