CVE-2023-31471

An issue was discovered on GL.iNet devices before 3.216. Through the software installation feature, it is possible to install arbitrary software, such as a reverse shell, because the restrictions on the available package list are limited to client-side verification. It is possible to install...

CVE-2023-31475

An issue was discovered on GL.iNet devices before 3.216. The function guci2get found in libglutil.so has a buffer overflow when an item is requested from a UCI context, and the value is pasted into a char pointer to a buffer without checking the size of the buffer...

GL.iNet多款产品 安全漏洞

GL.iNet MT300N-V2 and others are products of China's GL.iNet GL.iNet.GL.iNet MT300N-V2 is a mini router.GL.iNet AR750S is a router.GL.iNet AR750 is a router.GL.iNet AR750 is a router. A security vulnerability exists in various GL.iNet products. The vulnerability stems from the fact that an attack...

GL.iNet AR300M v3.216 Remote Code Execution - CVE-2023-46456 Exploit

!/usr/bin/env python3 Exploit Title: GL.iNet = 3.216 Remote Code Execution via OpenVPN Client Google Dork: intitle:"GL.iNet Admin Panel" Date: XX/11/2023 Exploit Author: Michele 'cyberaz0r' Di Bonaventura Vendor Homepage: https://www.gli-net.com Software Link:...

GL.iNet GL-AR300M Security Vulnerability

GL.iNet GL-AR300M is a modern mini smart router from China's GL.iNet. A security vulnerability exists in the GL.iNet GL-AR300M version 3.216, which originated from a vulnerability that allows attackers to inject arbitrary shell commands via the file upload function of the OpenVPN client...

CVE-2023-24261

A vulnerability in GL.iNET GL-E750 Mudi before firmware v3.216 allows authenticated attackers to execute arbitrary code via a crafted POST request...

GL.iNet devices 路径遍历漏洞

GL.iNet devices are a series of hardware devices from China's Guanglian Zhitong GL.iNet company. A path traversal vulnerability exists in GL.iNet devices prior to version 3.216, which can be exploited to allow arbitrary files to be shared in arbitrary folders...

GL.iNet devices 命令注入漏洞

GL.iNet devices are a series of hardware devices from China's Guanglian Zhitong GL.iNet company. A command injection vulnerability exists in GL.iNet devices prior to version 3.216, which originates from allowing an empty file to be created anywhere on the file system. An attacker could use this...

GL.iNet devices 安全漏洞

GL.iNet devices are a series of hardware devices from China's Guanglian Zhitong GL.iNet company. A security vulnerability exists in GL.iNet devices prior to version 3.216, which can be exploited to install arbitrary software via the software installation feature...

PT-2023-23350 · Gl.Inet · Gl.Inet

Name of the Vulnerable Software and Affected Versions: GL.iNet devices versions prior to 3.216 Description: An issue was discovered that allows the installation of arbitrary software, such as a reverse shell, through the software installation feature. This is possible because the restrictions on...

GL.iNet devices 安全漏洞

GL.iNet devices are a series of hardware devices from China Guanglian Zhitong GL.iNet Company. A security vulnerability exists in GL.iNet devices prior to version 3.216, which originates from the ability to use regular expression functionality in package names via the software installation featur...

GL.iNet devices 命令注入漏洞

GL.iNet devices are a series of hardware devices from China's Guanglian Zhitong GL.iNet company. A command injection vulnerability exists in GL.iNet devices prior to version 3.216, which stems from an arbitrary file write vulnerability that can create an empty file anywhere on the file system...

GL.iNet devices 安全漏洞

GL.iNet devices are a series of hardware devices from China's Guanglian Zhitong GL.iNet company. A security vulnerability exists in GL.iNet devices prior to version 3.216, which stems from an arbitrary file write vulnerability that can create an empty file anywhere on the file system...

PT-2023-23353 · Gl.Inet · Gl.Inet

Name of the Vulnerable Software and Affected Versions: GL.iNet devices versions prior to 3.216 Description: An issue was discovered that allows injecting arbitrary parameters in a request to cause opkg to obtain a list of files in a specific directory, by using the regex feature in a package name...