22 matches found
GL.iNet AX1800 安全漏洞
The GL.iNet AX1800 is a wireless router from China's Guanglian Zhitong GL.iNet. A security vulnerability exists in the GL.iNet AX1800 version 4.6.4 and 4.6.8, which stems from a competing condition in the opkg wrapper script that could lead to elevated privileges...
PT-2026-1872
Name of the Vulnerable Software and Affected Versions GL.Inet GL.Inet AX1800 versions 4.6.4 and 4.6.8 Description An issue exists in the GL.iNet custom opkg wrapper script located at /usr/libexec/opkg-call within the GL.Inet AX1800. The script operates with root privileges when activated through...
EUVD-2023-51575
Malicious code in bioql PyPI...
EUVD-2023-51574
Malicious code in bioql PyPI...
CVE-2023-47462
Insecure Permissions vulnerability in GL.iNet AX1800 v.3.215 and before allows a remote attacker to execute arbitrary code via the file sharing function...
CVE-2023-47463
Insecure Permissions vulnerability in GL.iNet AX1800 version 4.0.0 before 4.5.0 allows a remote attacker to execute arbitrary code via a crafted script to the glnassys authentication function...
CVE-2023-47464
Insecure Permissions vulnerability in GL.iNet AX1800 version 4.0.0 before 4.5.0 allows a remote attacker to execute arbitrary code via the upload API function...
GL.iNet多款产品 安全漏洞
GL.iNet MT300N-V2 and others are products of China's GL.iNet GL.iNet.GL.iNet MT300N-V2 is a mini router.GL.iNet AR750S is a router.GL.iNet AR750 is a router.GL.iNet AR750 is a router. A security vulnerability exists in various GL.iNet products. The vulnerability stems from the fact that an attack...
CVE-2023-47463
Insecure Permissions vulnerability in GL.iNet AX1800 version 4.0.0 before 4.5.0 allows a remote attacker to execute arbitrary code via a crafted script to the glnassys authentication function...
CVE-2023-47463
Insecure Permissions vulnerability in GL.iNet AX1800 version 4.0.0 before 4.5.0 allows a remote attacker to execute arbitrary code via a crafted script to the glnassys authentication function...
Code injection
Insecure Permissions vulnerability in GL.iNet AX1800 version 4.0.0 before 4.5.0 allows a remote attacker to execute arbitrary code via the upload API function...
Authentication flaw
Insecure Permissions vulnerability in GL.iNet AX1800 version 4.0.0 before 4.5.0 allows a remote attacker to execute arbitrary code via a crafted script to the glnassys authentication function...
CVE-2023-47464
Insecure Permissions vulnerability in GL.iNet AX1800 version 4.0.0 before 4.5.0 allows a remote attacker to execute arbitrary code via the upload API function...
CVE-2023-47464
GL.iNet AX1800 firmware (versions 4.0.0 to 4.4.x) is affected by an insecure permissions vulnerability that permits a remote attacker to execute arbitrary code through the upload API function (upload file endpoint, with file and path parameters). Root cause is improper access control on the uploa...
CVE-2023-47463
Insecure Permissions vulnerability in GL.iNet AX1800 version 4.0.0 before 4.5.0 allows a remote attacker to execute arbitrary code via a crafted script to the glnassys authentication function...
CVE-2023-47463
Insecure Permissions vulnerability in GL.iNet AX1800 version 4.0.0 before 4.5.0 allows a remote attacker to execute arbitrary code via a crafted script to the glnassys authentication function...
CVE-2023-47463
CVE-2023-47463 affects GL.iNet AX1800 routers (versions 4.0.0 up to 4.4.x; fixed in 4.5.0+). An insecure permissions flaw in the gl_nas_sys authentication function lets an unauthenticated remote attacker craft a script to achieve arbitrary code execution. Impact is rated CRITICAL (CVSS 3.1: AV:N/...
CVE-2023-47462
Insecure Permissions vulnerability in GL.iNet AX1800 v.3.215 and before allows a remote attacker to execute arbitrary code via the file sharing function...
CVE-2023-47462
Insecure Permissions vulnerability in GL.iNet AX1800 v.3.215 and before allows a remote attacker to execute arbitrary code via the file sharing function...
Design/Logic Flaw
Insecure Permissions vulnerability in GL.iNet AX1800 v.3.215 and before allows a remote attacker to execute arbitrary code via the file sharing function...