VulnCheck KEV: CVE-2023-50919

An issue was discovered on GL.iNet devices before version 4.5.0. There is an NGINX authentication bypass via Lua string pattern matching. This affects A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000 4.4.6, MT2500 4.4.6, MT6000 4.5.0, MT1300 4.3.7, MT300N-V2 4.3.7, AR750S 4.3.7, AR750 4.3.7, AR30...

CVE-2024-45263

An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. The upload interface allows the uploading of arbitrary files to the device. Once the device executes the files, it can lead to information leakage, enabling complete control...

CVE-2024-45260

An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. Users who belong to unauthorized groups can invoke any interface of the device, thereby gaining complete control over it...

CVE-2024-45259

An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. By intercepting an HTTP request and changing the filename property in the download interface, any file on the device can be deleted...

CVE-2024-45263

CVE-2024-45263 affects GL.iNet devices: MT6000, MT3000, MT2500, AXT1800, and AX1800 (firmware 4.6.2). The upload interface accepts arbitrary files; when executed by the device, this can cause information leakage and give an attacker complete control. No mitigations or patches are provided in the ...

CVE-2024-45262

An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. The params parameter in the call method of the /rpc endpoint is vulnerable to arbitrary directory traversal, which enables attackers to execute scripts under any path...

GL.iNet多款产品 安全漏洞

GL.iNet MT3000 and others are products of China's GL.iNet GL.iNet.GL.iNet MT3000 is an AX3000 portable router that uses the Wi-Fi 6 protocol.GL.iNet AX1800 is a wireless router.GL.iNet AXT1800 is a router. A security vulnerability exists in several GL.iNet products. An attacker exploiting this...

CVE-2024-45260

An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. Users who belong to unauthorized groups can invoke any interface of the device, thereby gaining complete control over it...

PT-2024-31519 · Gl.Inet · Gl-Inet Mt6000 +3

Name of the Vulnerable Software and Affected Versions: GL-iNet MT6000 version 4.6.2 GL-iNet MT3000 version 4.6.2 GL-iNet MT2500 version 4.6.2 GL-iNet AXT1800 version 4.6.2 GL-iNet AX1800 version 4.6.2 Description: An issue was discovered on certain GL-iNet devices. The params parameter in the cal...

GL.iNet多款产品 安全漏洞

GL.iNet MT3000 and others are products of China's GL.iNet GL.iNet.GL.iNet MT3000 is an AX3000 portable router that uses the Wi-Fi 6 protocol.GL.iNet AX1800 is a wireless router.GL.iNet AXT1800 is a router. A security vulnerability exists in several GL.iNet products. An attacker can exploit the...

CVE-2024-28077

A denial-of-service issue was discovered on certain GL-iNet devices. Some websites can detect devices exposed to the external network through DDNS, and consequently obtain the IP addresses and ports of devices that are exposed. By using special usernames and special characters such as half...

CVE-2024-28077

A denial-of-service issue was discovered on certain GL-iNet devices. Some websites can detect devices exposed to the external network through DDNS, and consequently obtain the IP addresses and ports of devices that are exposed. By using special usernames and special characters such as half...

PT-2024-31518 · Gl.Inet · Gl-Inet Mt6000 +3

Name of the Vulnerable Software and Affected Versions: GL-iNet MT6000 version 4.6.2 GL-iNet MT3000 version 4.6.2 GL-iNet MT2500 version 4.6.2 GL-iNet AXT1800 version 4.6.2 GL-iNet AX1800 version 4.6.2 Description: An issue was discovered on certain GL-iNet devices. The SID generated for a specifi...

GL-iNet MT6000 4.5.5 - Arbitrary File Download

Exploit Title: GL-iNet MT6000 4.5.5 - Arbitrary File Download CVE: CVE-2024-27356 Google Dork: intitle:"GL.iNet Admin Panel" Date: 2/26/2024 Exploit Author: Bandar Alharbi aggressor Vendor Homepage: www.gl-inet.com Tested Software Link:...

GL.iNet MT6000 4.5.5 - Arbitrary File Download Exploit

Exploit Title: GL-iNet MT6000 4.5.5 - Arbitrary File Download CVE: CVE-2024-27356 Google Dork: intitle:"GL.iNet Admin Panel" Exploit Author: Bandar Alharbi aggressor Vendor Homepage: www.gl-inet.com Tested Software Link:...

CVE-2024-27356

CVE-2024-27356 affects GL.iNet devices (examples include MT6000 4.5.5, XE3000 4.4.4, X3000 4.4.5, MT3000 4.5.0, MT2500 4.5.0, and others listed). The issue allows an attacker to trigger commands that download files (e.g., logread.tar) from the device, potentially exposing critical user informatio...

Various GL.iNet products Security Breach

GL.iNet MT6000 and others are products of China's GL.iNet GL.iNet. GL.iNet MT6000 is a router. GL.iNet XE3000 is an intelligent router. A security vulnerability exists in several GL.iNet products, which stems from a vulnerability that allows an attacker to obtain critical user information by...

GL.iNet Unauthenticated Remote Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'digest/md5' class MetasploitModule 'GL.iNet Unauthenticated Remote Command Execution via the logread module.', 'Description' = %q A command injection...

PT-2024-2213

Name of the Vulnerable Software and Affected Versions GL.iNet GL-A1300 GL.iNet GL-AX1800 GL.iNet GL-AXT1800 GL.iNet GL-MT3000 GL.iNet GL-MT2500 GL.iNet GL-MT6000 GL.iNet GL-MT1300 GL.iNet GL-MT300N-V2 GL.iNet GL-AR750S GL.iNet GL-AR750 GL.iNet GL-AR300M GL.iNet GL-B1300 Description The issue is...

CVE-2023-50920

An issue was discovered on GL.iNet devices before version 4.5.0. They assign the same session ID after each user reboot, allowing attackers to share session identifiers between different sessions and bypass authentication or access control measures. Attackers can impersonate legitimate users or...