CVE-2023-29778

GL.iNET MT3000 4.1.0 Release 2 is vulnerable to OS Command Injection via /usr/lib/oui-httpd/rpc/logread...

PT-2023-22414 · Gl.Inet · Gl-Inet Mt3000

Name of the Vulnerable Software and Affected Versions: GL.iNET MT3000 version 4.1.0 Release 2 Description: The issue is related to OS Command Injection, which can be exploited via the /usr/lib/oui-httpd/rpc/logread endpoint. This allows for potential execution of system commands, posing a securit...

CVE-2023-29778

GL.iNET MT3000 4.1.0 Release 2 is documented as vulnerable to an OS Command Injection via the /usr/lib/oui-httpd/rpc/logread endpoint. The affected component is the logread handler in the oui-httpd path; CVSS v3.1 metrics indicate a critical impact (CRITICAL, 9.8) affecting confidentiality, integ...

CVE-2022-44211

In GL.iNet Goodcloud 1.1 Incorrect access control allows a remote attacker to access/change devices' settings...

CVE-2022-44212

In GL.iNet Goodcloud 1.0, insecure design allows remote attacker to access devices' admin panel...

Code injection

In GL.iNet Goodcloud 1.0, insecure design allows remote attacker to access devices' admin panel...

Improper access control

In GL.iNet Goodcloud 1.1 Incorrect access control allows a remote attacker to access/change devices' settings...

CVE-2022-44211

In GL.iNet Goodcloud 1.1 Incorrect access control allows a remote attacker to access/change devices' settings...

CVE-2022-44212

In GL.iNet Goodcloud 1.0, insecure design allows remote attacker to access devices' admin panel...

GL.iNet GoodCloud 安全漏洞

GL.iNet GoodCloud is an Internet of Things IoT device management system from China's Guanglian Zhitong GL.iNet. A security vulnerability exists in GL.iNet GoodCloud version 1.1, which stems from incorrect access control...

CVE-2022-44212

In GL.iNet Goodcloud 1.0, insecure design allows remote attacker to access devices' admin panel...

CVE-2022-44211

In GL.iNet Goodcloud 1.1 Incorrect access control allows a remote attacker to access/change devices' settings...

CVE-2022-44212

CVE-2022-44212 affects GL.iNet Goodcloud 1.0. The vulnerability is described as an insecure design that allows a remote attacker to access the device management/admin panel. The cited metrics from NVD indicate a CVSS v3.1 base score of 5.9 (Medium) with Network attack vector, high attack complexi...

CVE-2022-44211

GL.iNet Goodcloud 1.1 is affected by an improper access control vulnerability. The issue allows a remote attacker to access or change devices’ settings due to insufficient authorization checks in the Goodcloud component. Affected product: GL.iNet Goodcloud (version 1.1). Reported impact per conne...

CVE-2022-42055

Multiple command injection vulnerabilities in GL.iNet GoodCloud IoT Device Management System Version 1.00.220412.00 via the ping and traceroute tools allow attackers to read arbitrary files on the system...

CVE-2022-42055

Multiple command injection vulnerabilities in GL.iNet GoodCloud IoT Device Management System Version 1.00.220412.00 via the ping and traceroute tools allow attackers to read arbitrary files on the system...

CVE-2022-42054

Multiple stored cross-site scripting XSS vulnerabilities in GL.iNet GoodCloud IoT Device Management System Version 1.00.220412.00 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Company Name and Description text fields...

Cross site scripting

Multiple stored cross-site scripting XSS vulnerabilities in GL.iNet GoodCloud IoT Device Management System Version 1.00.220412.00 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Company Name and Description text fields...

Command injection

Multiple command injection vulnerabilities in GL.iNet GoodCloud IoT Device Management System Version 1.00.220412.00 via the ping and traceroute tools allow attackers to read arbitrary files on the system...

CVE-2022-42055

Multiple command injection vulnerabilities in GL.iNet GoodCloud IoT Device Management System Version 1.00.220412.00 via the ping and traceroute tools allow attackers to read arbitrary files on the system...