CVE-2025-67091

An issue in GL Inet GL.Inet AX1800 Version 4.6.4 & 4.6.8 are vulnerable. GL.Inet AX1800 Version 4.6.4 & 4.6.8 in the GL.iNet custom opkg wrapper script located at /usr/libexec/opkg-call. The script is executed with root privileges when triggered via the LuCI web interface or authenticated API cal...

CVE-2025-67091

An issue in GL Inet GL.Inet AX1800 Version 4.6.4 & 4.6.8 are vulnerable. GL.Inet AX1800 Version 4.6.4 & 4.6.8 in the GL.iNet custom opkg wrapper script located at /usr/libexec/opkg-call. The script is executed with root privileges when triggered via the LuCI web interface or authenticated API cal...

CVE-2025-66848

JD Cloud NAS routers AX1800 4.3.1.r4308 and earlier, AX3000 4.3.1.r4318 and earlier, AX6600 4.5.1.r4533 and earlier, BE6500 4.4.1.r4308 and earlier, ER1 4.5.1.r4518 and earlier, and ER2 4.5.1.r4518 and earlier contain an unauthorized remote command execution vulnerability...

GL-Inet GL-AXT1800 安全漏洞

The GL-Inet GL-AXT1800 is a WiFi6 wireless router from GL-Inet China. A security vulnerability exists in the GL-Inet GL-AXT1800 version 4.7.0, which stems from a firmware downgrade vulnerability in the OTA update function that could lead to a man-in-the-middle attack...

EUVD-2020-6258

Malware in sbrugna...

CVE-2020-14102

There is command injection when ddns processes the hostname, which causes the administrator user to obtain the root privilege of the router. This affects Xiaomi router AX1800rom version 1.0.336 and Xiaomi route RM1800 root version 1.0.26...

CVE-2024-28729

An issue in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G CPE DWR-2000M1.34ME allows a local attacker to execute arbitrary code via a crafted request...

CVE-2024-45260

An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. Users who belong to unauthorized groups can invoke any interface of the device, thereby gaining complete control over it...

CVE-2024-45259

An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. By intercepting an HTTP request and changing the filename property in the download interface, any file on the device can be deleted...

CVE-2024-45260

An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. Users who belong to unauthorized groups can invoke any interface of the device, thereby gaining complete control over it...

CVE-2024-45262

An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. The params parameter in the call method of the /rpc endpoint is vulnerable to arbitrary directory traversal, which enables attackers to execute scripts under any path...

GL.iNet多款产品 安全漏洞

GL.iNet AX1800 and others are products of China Guanglian Zhitong GL.iNet company.GL.iNet AX1800 is a wireless router.GL.iNet AXT1800 is a router.GL.iNet MT6000 is a router.GL.iNet AXT1800 is a router.GL.iNet MT6000 is a router.GL.iNet MT6000 is a router. A security vulnerability exists in severa...

GL.iNet多款产品 安全漏洞

GL.iNet MT3000 and others are products of China's GL.iNet GL.iNet.GL.iNet MT3000 is an AX3000 portable router that uses the Wi-Fi 6 protocol.GL.iNet AX1800 is a wireless router.GL.iNet AXT1800 is a router. A security vulnerability exists in several GL.iNet products. An attacker exploiting this...

CVE-2024-28077

A denial-of-service issue was discovered on certain GL-iNet devices. Some websites can detect devices exposed to the external network through DDNS, and consequently obtain the IP addresses and ports of devices that are exposed. By using special usernames and special characters such as half...

CVE-2024-39225

GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain a remote code execution RCE vulnerability...

CVE-2024-39228

GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain a shell injection vulnerability via the interface...

CVE-2023-37057

An issue in JLINK Unionman Technology Co. Ltd Jlink AX1800 v.1.0 allows a remote attacker to execute arbitrary code via the router's authentication mechanism...

CVE-2023-37057

Summary: CVE-2023-37057 affects Jlink AX1800 v1.0 from JLINK/Unionman. Multiple connected sources indicate a remote code execution vulnerability via the router’s authentication mechanism (no details on exploit method in the primary document). The PT-Security entry notes version 1.0 and provides m...

CVE-2023-27359 TP-Link AX1800 hotplugd Firewall Rule Race Condition Vulnerability

TP-Link AX1800 hotplugd Firewall Rule Race Condition Vulnerability. This vulnerability allows remote attackers to gain access to LAN-side services on affected installations of TP-Link Archer AX21 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists withi...

CVE-2023-27359

CVE-2023-27359 affects TP-Link AX1800/ Archer AX21 routers. The flaw is in the hotplugd daemon where firewall rule handling allows access to LAN-only resources, enabling remote attackers to reach LAN-side services without authentication and potentially execute code as root when combined with othe...