CVE-2023-47464
Insecure Permissions vulnerability in GL.iNet AX1800 version 4.0.0 before 4.5.0 allows a remote attacker to execute arbitrary code via the upload API function...
CVE-2023-47462
Insecure Permissions vulnerability in GL.iNet AX1800 v.3.215 and before allows a remote attacker to execute arbitrary code via the file sharing function...
Design/Logic Flaw
Insecure Permissions vulnerability in GL.iNet AX1800 v.3.215 and before allows a remote attacker to execute arbitrary code via the file sharing function...
GL.iNet devices Security Vulnerabilities
GL.iNet devices are a series of hardware devices from China's Guanglian Zhitong GL.iNet company. A security vulnerability exists in GL.iNet devices v.3.215 and earlier versions, which stems from a misconfiguration of privileges that could allow an attacker to execute arbitrary code via the file...
CVE-2023-47462
GL.iNet AX1800 (firmware v3.215 and earlier) is affected by an Insecure Permissions vulnerability in the file sharing function. Root cause: misconfiguration of privileges that permits a remote attacker to execute arbitrary code. Impact is high (remote code execution) as reported in CVE-2023-47462...
Cross-site request forgery (CSRF)
A vulnerability in GL.iNET GL-E750 Mudi before firmware v3.216 allows authenticated attackers to execute arbitrary code via a crafted POST request...
CVE-2023-24261
A vulnerability in GL.iNET GL-E750 Mudi before firmware v3.216 allows authenticated attackers to execute arbitrary code via a crafted POST request...
CVE-2023-24261
GL.iNET GL-E750 Mudi devices are affected by CVE-2023-24261. The vulnerability allows an authenticated attacker to execute arbitrary code via a crafted POST request, affecting firmware prior to v3.216. The cited details indicate network-exposed, authenticated code execution with high impact on co...
CVE-2023-33620
GL.iNET GL-AR750S-Ext firmware v3.215 uses an insecure protocol in its communications which allows attackers to eavesdrop via a man-in-the-middle attack...
CVE-2023-33621
GL.iNET GL-AR750S-Ext firmware v3.215 inserts the admin authentication token into a GET request when the OpenVPN Server config file is downloaded. The token is then left in the browser history or access logs, potentially allowing attackers to bypass authentication via session replay...
CVE-2023-33621
CVE-2023-33621 concerns GL.iNET GL-AR750S-Ext firmware v3.215. The OpenVPN Server config file download issue causes the admin authentication token to be inserted into a GET request, leaving the token in browser history or access logs. This could allow a session-replay based bypass of authenticati...
CVE-2023-33620
Public technical details are not provided in the connected documents. The initial description notes an insecure protocol allowing MITM in GL.iNET GL-AR750S-Ext firmware v3.215. Monitor for updates.
CVE-2023-31475
An issue was discovered on GL.iNet devices before 3.216. The function guci2get found in libglutil.so has a buffer overflow when an item is requested from a UCI context, and the value is pasted into a char pointer to a buffer without checking the size of the buffer...
CVE-2023-31473
An issue was discovered on GL.iNet devices before 3.216. There is an arbitrary file write in which an empty file can be created anywhere on the filesystem. This is caused by a command injection vulnerability with a filter applied. Through the software installation feature, it is possible to injec...
Command injection
An issue was discovered on GL.iNet devices before 3.216. There is an arbitrary file write in which an empty file can be created anywhere on the filesystem. This is caused by a command injection vulnerability with a filter applied. Through the software installation feature, it is possible to injec...
Buffer overflow
An issue was discovered on GL.iNet devices before 3.216. The function guci2get found in libglutil.so has a buffer overflow when an item is requested from a UCI context, and the value is pasted into a char pointer to a buffer without checking the size of the buffer...