CVE-2025-67089

A command injection vulnerability exists in the GL-iNet GL-AXT1800 router firmware v4.6.8. The vulnerability is present in the plugins.installpackage RPC method, which fails to properly sanitize user input in package names. Authenticated attackers can exploit this to execute arbitrary commands wi...

GL-Inet GL-AXT1800 安全漏洞

The GL-Inet GL-AXT1800 is a WiFi6 wireless router from GL-Inet China. A security vulnerability exists in the GL-Inet GL-AXT1800 v4.6.8, which stems from improper input cleanup of the plugins.installpackage RPC method, which could lead to the execution of arbitrary commands...

CVE-2025-44018

A firmware downgrade vulnerability exists in the OTA Update functionality of GL-Inet GL-AXT1800 4.7.0. A specially crafted .tar file can lead to a firmware downgrade. An attacker can perform a man-in-the-middle attack to trigger this vulnerability...

EUVD-2025-198804

A firmware downgrade vulnerability exists in the OTA Update functionality of GL-Inet GL-AXT1800 4.7.0. A specially crafted .tar file can lead to a firmware downgrade. An attacker can perform a man-in-the-middle attack to trigger this vulnerability...

VulnCheck KEV: CVE-2023-50919

An issue was discovered on GL.iNet devices before version 4.5.0. There is an NGINX authentication bypass via Lua string pattern matching. This affects A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000 4.4.6, MT2500 4.4.6, MT6000 4.5.0, MT1300 4.3.7, MT300N-V2 4.3.7, AR750S 4.3.7, AR750 4.3.7, AR30...

CVE-2024-45263

An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. The upload interface allows the uploading of arbitrary files to the device. Once the device executes the files, it can lead to information leakage, enabling complete control...

CVE-2024-45260

An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. Users who belong to unauthorized groups can invoke any interface of the device, thereby gaining complete control over it...

CVE-2024-45259

An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. By intercepting an HTTP request and changing the filename property in the download interface, any file on the device can be deleted...

CVE-2024-45263

CVE-2024-45263 affects GL.iNet devices: MT6000, MT3000, MT2500, AXT1800, and AX1800 (firmware 4.6.2). The upload interface accepts arbitrary files; when executed by the device, this can cause information leakage and give an attacker complete control. No mitigations or patches are provided in the ...

CVE-2024-45262

An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. The params parameter in the call method of the /rpc endpoint is vulnerable to arbitrary directory traversal, which enables attackers to execute scripts under any path...

GL.iNet多款产品 安全漏洞

GL.iNet MT3000 and others are products of China's GL.iNet GL.iNet.GL.iNet MT3000 is an AX3000 portable router that uses the Wi-Fi 6 protocol.GL.iNet AX1800 is a wireless router.GL.iNet AXT1800 is a router. A security vulnerability exists in several GL.iNet products. An attacker exploiting this...

PT-2024-31519 · Gl.Inet · Gl-Inet Mt6000 +3

Name of the Vulnerable Software and Affected Versions: GL-iNet MT6000 version 4.6.2 GL-iNet MT3000 version 4.6.2 GL-iNet MT2500 version 4.6.2 GL-iNet AXT1800 version 4.6.2 GL-iNet AX1800 version 4.6.2 Description: An issue was discovered on certain GL-iNet devices. The params parameter in the cal...

CVE-2024-45260

An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. Users who belong to unauthorized groups can invoke any interface of the device, thereby gaining complete control over it...

GL.iNet多款产品 安全漏洞

GL.iNet AX1800 and others are products of China Guanglian Zhitong GL.iNet company.GL.iNet AX1800 is a wireless router.GL.iNet AXT1800 is a router.GL.iNet MT6000 is a router.GL.iNet AXT1800 is a router.GL.iNet MT6000 is a router.GL.iNet MT6000 is a router. A security vulnerability exists in severa...

GL.iNet多款产品 安全漏洞

GL.iNet MT3000 and others are products of China's GL.iNet GL.iNet.GL.iNet MT3000 is an AX3000 portable router that uses the Wi-Fi 6 protocol.GL.iNet AX1800 is a wireless router.GL.iNet AXT1800 is a router. A security vulnerability exists in several GL.iNet products. An attacker can exploit the...

CVE-2024-28077

A denial-of-service issue was discovered on certain GL-iNet devices. Some websites can detect devices exposed to the external network through DDNS, and consequently obtain the IP addresses and ports of devices that are exposed. By using special usernames and special characters such as half...

PT-2024-31518 · Gl.Inet · Gl-Inet Mt6000 +3

Name of the Vulnerable Software and Affected Versions: GL-iNet MT6000 version 4.6.2 GL-iNet MT3000 version 4.6.2 GL-iNet MT2500 version 4.6.2 GL-iNet AXT1800 version 4.6.2 GL-iNet AX1800 version 4.6.2 Description: An issue was discovered on certain GL-iNet devices. The SID generated for a specifi...

CVE-2024-39228

GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain a shell injection vulnerability via the interface...

CVE-2024-39225

GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain a remote code execution RCE vulnerability...

GL.iNet多款产品 安全漏洞

GL.iNet MT300N-V2 and others are products of China's GL.iNet GL.iNet.GL.iNet MT300N-V2 is a mini router.GL.iNet AR750S is a router.GL.iNet AR750 is a router.GL.iNet AR750 is a router. A security vulnerability exists in various GL.iNet products. The vulnerability stems from the fact that an attack...