68 matches found
CVE-2025-2811 GL.iNet GL-A1300 Slate Plus API redos
A vulnerability was found in GL.iNet GL-A1300 Slate Plus, GL-AR300M16 Shadow, GL-AR300M Shadow, GL-AR750 Creta, GL-AR750S-EXT Slate, GL-AX1800 Flint, GL-AXT1800 Slate AX, GL-B1300 Convexa-B, GL-B3000 Marble, GL-BE3600 Slate 7, GL-E750, GL-E750V2 Mudi, GL-MT300N-V2 Mango, GL-MT1300 Beryl, GL-MT250...
PT-2025-17954 · Gl.Inet · Gl-A1300 Slate Plus +22
Name of the Vulnerable Software and Affected Versions: GL.iNet GL-A1300 Slate Plus version 4.x GL.iNet GL-AR300M16 Shadow version 4.x GL.iNet GL-AR300M Shadow version 4.x GL.iNet GL-AR750 Creta version 4.x GL.iNet GL-AR750S-EXT Slate version 4.x GL.iNet GL-AX1800 Flint version 4.x GL.iNet...
PT-2025-17958 · Gl.Inet · Gl-A1300 Slate Plus +22
Name of the Vulnerable Software and Affected Versions: GL.iNet GL-A1300 Slate Plus version 4.x GL.iNet GL-AR300M16 Shadow version 4.x GL.iNet GL-AR300M Shadow version 4.x GL.iNet GL-AR750 Creta version 4.x GL.iNet GL-AR750S-EXT Slate version 4.x GL.iNet GL-AX1800 Flint version 4.x GL.iNet...
GL.iNet多款产品 安全漏洞
GL.iNet MT3000 and others are products of China's GL.iNet GL.iNet.GL.iNet MT3000 is an AX3000 portable router that uses the Wi-Fi 6 protocol.GL.iNet AX1800 is a wireless router.GL.iNet AXT1800 is a router. A security vulnerability exists in several GL.iNet products. An attacker can exploit the...
GL.iNet多款产品 安全漏洞
GL.iNet MT3000 and others are products of China's GL.iNet GL.iNet.GL.iNet MT3000 is an AX3000 portable router that uses the Wi-Fi 6 protocol.GL.iNet MT6000 is a router.GL.iNet XE3000 is an intelligent router. A security vulnerability exists in several GL.iNet products. The vulnerability stems fro...
GL.iNet多款产品 操作系统命令注入漏洞
GL.iNet AR750S and others are products of China's Guanglian Intelligent Communication GL.iNet company.GL.iNet AR750S is a router.GL.iNet AR750 is a router.GL.iNet AR300M is a router. An operating system command injection vulnerability exists in several GL.iNet products, which stems from a shell...
GL.iNet多款产品 路径遍历漏洞
GL.iNet MT300N-V2 and others are products of China's GL.iNet. GL.iNet MT300N-V2 is a mini router. GL.iNet AR750 is a router. GL.iNet AR300M is a router. A path traversal vulnerability exists in various GL.iNet products, which originates from an insecure privilege in the /cgi-bin/glc interface. Th...
CVE-2023-50919
An issue was discovered on GL.iNet devices before version 4.5.0. There is an NGINX authentication bypass via Lua string pattern matching. This affects A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000 4.4.6, MT2500 4.4.6, MT6000 4.5.0, MT1300 4.3.7, MT300N-V2 4.3.7, AR750S 4.3.7, AR750 4.3.7, AR30...
CVE-2023-50921
An issue was discovered on GL.iNet devices through 4.5.0. Attackers can invoke the adduser interface in the system module to gain root privileges. This affects A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000 4.4.6, MT2500 4.4.6, MT6000 4.5.0, MT1300 4.3.7, MT300N-V2 4.3.7, AR750S 4.3.7, AR750...
CVE-2023-50445
Shell Injection vulnerability GL.iNet A1300 v4.4.6, AX1800 v4.4.6, AXT1800 v4.4.6, MT3000 v4.4.6, MT2500 v4.4.6, MT6000 v4.5.0, MT1300 v4.3.7, MT300N-V2 v4.3.7, AR750S v4.3.7, AR750 v4.3.7, AR300M v4.3.7, and B1300 v4.3.7., allows local attackers to execute arbitrary code via the getsystemlog and...
GL.iNet devices Security Vulnerabilities
GL.iNet devices are a series of hardware devices from China's Guanglian Zhitong GL.iNet company. A security vulnerability exists in GL.iNet devices v.3.215 and earlier versions, which stems from a misconfiguration of privileges that could allow an attacker to execute arbitrary code via the file...
CVE-2023-31473
An issue was discovered on GL.iNet devices before 3.216. There is an arbitrary file write in which an empty file can be created anywhere on the filesystem. This is caused by a command injection vulnerability with a filter applied. Through the software installation feature, it is possible to injec...
CVE-2023-31475
An issue was discovered on GL.iNet devices before 3.216. The function guci2get found in libglutil.so has a buffer overflow when an item is requested from a UCI context, and the value is pasted into a char pointer to a buffer without checking the size of the buffer...
PT-2023-23356 · Gl.Inet · Gl.Inet
Name of the Vulnerable Software and Affected Versions: GL.iNet devices versions prior to 3.216 Description: A path traversal issue was discovered, allowing the sharing of arbitrary directories, such as /tmp or /etc, through the file sharing feature due to the lack of server-side restrictions...
CVE-2023-31477
A path traversal issue was discovered on GL.iNet devices before 3.216. Through the file sharing feature, it is possible to share an arbitrary directory, such as /tmp or /etc, because there is no server-side restriction to limit sharing to the USB path...
Information disclosure
An issue was discovered on GL.iNet devices before 3.216. Through the software installation feature, it is possible to install arbitrary software, such as a reverse shell, because the restrictions on the available package list are limited to client-side verification. It is possible to install...
CVE-2023-31471
An issue was discovered on GL.iNet devices before 3.216. Through the software installation feature, it is possible to install arbitrary software, such as a reverse shell, because the restrictions on the available package list are limited to client-side verification. It is possible to install...
CVE-2023-31478
An issue was discovered on GL.iNet devices before 3.216. An API endpoint reveals information about the Wi-Fi configuration, including the SSID and key...
GL.iNet devices 命令注入漏洞
GL.iNet devices are a series of hardware devices from China's Guanglian Zhitong GL.iNet company. A command injection vulnerability exists in GL.iNet devices prior to version 3.216, which stems from an arbitrary file write vulnerability that can create an empty file anywhere on the file system...
GL.iNet devices 安全漏洞
GL.iNet devices are a series of hardware devices from China Guanglian Zhitong GL.iNet Company. A security vulnerability exists in GL.iNet devices prior to version 3.216, which originates from the ability to use regular expression functionality in package names via the software installation featur...