38 matches found

Vulnrichment
added 2026/06/07 3:15 a.m. | 8 views

CVE-2026-11452 GL.iNet GL-MT3000 SET_USER_PWD glc FUN_0042e200 command injection

A vulnerability has been found in GL.iNet GL-MT3000 up to 4.4.5. Affected is the function FUN_0042e200 of the file /cgi-bin/glc of the component SET_USER_PWD Handler. The manipulation of the argument Password leads to command injection. The attack can be initiated remotely. Upgrading to version 4.8....

CVSS 7.5 | AI score 6.8 | EPSS 0.01681
Exploits: 1 | References: 5

Vulnrichment
added 2026/05/08 12:0 a.m. | 7 views

CVE-2023-46453

Certain GL.iNet devices with 4.x firmware allow authentication bypass resulting in administrative control of the device via a username that is both a valid SQL statement and a valid regular expression. For example, this affects version 4.3.7 on GL-MT3000, GL-AR300M, GL-B1300, GL-AX1800, GL-AR750S...

AI score 5.9 | EPSS 0.00764
Exploits: 3 | References: 1

ATTACKERKB
added 2026/05/08 12:0 a.m. | 8 views

CVE-2023-46453

Certain GL.iNet devices with 4.x firmware allow authentication bypass resulting in administrative control of the device via a username that is both a valid SQL statement and a valid regular expression. For example, this affects version 4.3.7 on GL-MT3000, GL-AR300M, GL-B1300, GL-AX1800, GL-AR750S...

AI score 5.9 | EPSS 0.00764
Exploits: 3 | References: 2

ATTACKERKB
added 2026/03/12 12:0 a.m. | 3 views

CVE-2026-26795

GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulnerability via the module parameter in the M.getsystemlog function. This vulnerability allows attackers to execute arbitrary commands via a crafted input...

AI score 6 | EPSS 0.02488
Exploits: 1 | References: 2

NVD
added 2025/11/25 4:16 p.m. | 7 views

CVE-2025-60739

Cross Site Request Forgery (CSRF) vulnerability in Ilevia EVE X1 Server Firmware Version v4.7.18.0.eden and before, Logic Version v6.00 - 20250721 allows a remote attacker to execute arbitrary code via the /bhwebbackend component...

CVSS 9.6 | EPSS 0.00276
Exploits: 4 | References: 1

RedhatCVE
added 2025/10/07 11:13 p.m. | 3 views

CVE-2025-60963

OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server GPS F/W 6010-0071-000 Ver 4.00 allows attackers to execute arbitrary code, cause a denial of service, gain escalated privileges, and gain sensitive information...

CVSS 8.2 | AI score 7.9 | EPSS 0.01221
Exploits: 0 | References: 1

RedhatCVE
added 2025/10/07 7:22 p.m. | 3 views

CVE-2025-60957

OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server GPS F/W 6010-0071-000 Ver 4.00 allows attackers to execute arbitrary code, cause a denial of service, gain escalated privileges, and gain sensitive information...

CVSS 9.9 | AI score 7.9 | EPSS 0.01617
Exploits: 0 | References: 1

OSV
added 2025/10/06 5:16 p.m. | 3 views

CVE-2025-60965

OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server GPS F/W 6010-0071-000 Ver 4.00 allows attackers to execute arbitrary code, cause a denial of service, gain escalated privileges, gain sensitive information, and possibly other unspecified impacts...

CVSS 9.1 | AI score 6 | EPSS 0.01662
Exploits: 0 | References: 3

OSV
added 2025/10/06 5:16 p.m. | 4 views

CVE-2025-60969

Directory Traversal vulnerability in EndRun Technologies Sonoma D12 Network Time Server GPS F/W 6010-0076-000 Ver 4.00 allows attackers to gain sensitive information...

CVSS 5.7 | AI score 5.8 | EPSS 0.00546
Exploits: 0 | References: 3

NVD
added 2025/10/06 5:16 p.m. | 8 views

CVE-2025-60958

Cross Site Scripting (XSS) vulnerability in EndRun Technologies Sonoma D12 Network Time Server GPS F/W 6010-0071-000 Ver 4.00 allows attackers to gain sensitive information...

CVSS 7.3 | EPSS 0.00275
Exploits: 0 | References: 3

OSV
added 2025/10/06 5:16 p.m. | 2 views

CVE-2025-60960

OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server GPS F/W 6010-0071-000 Ver 4.00 allows attackers to execute arbitrary code, cause a denial of service, gain escalated privileges, and gain sensitive information...

CVSS 8.2 | AI score 6 | EPSS 0.01221
Exploits: 0 | References: 3

Cvelist
added 2025/10/06 12:0 a.m. | 6 views

CVE-2025-60969

Directory Traversal vulnerability in EndRun Technologies Sonoma D12 Network Time Server GPS F/W 6010-0076-000 Ver 4.00 allows attackers to gain sensitive information...

EPSS 0.00546
Exploits: 0 | References: 3

Vulnrichment
added 2025/10/06 12:0 a.m. | 2 views

CVE-2025-60958

Cross Site Scripting (XSS) vulnerability in EndRun Technologies Sonoma D12 Network Time Server GPS F/W 6010-0071-000 Ver 4.00 allows attackers to gain sensitive information...

AI score 5.7 | EPSS 0.00275
Exploits: 0 | References: 3

Vulnrichment
added 2025/10/06 12:0 a.m. | 1 view

CVE-2025-60961

Cross Site Scripting (XSS) vulnerability in EndRun Technologies Sonoma D12 Network Time Server GPS F/W 6010-0071-000 Ver 4.00 allows attackers to gain sensitive information, and possibly other unspecified impacts...

AI score 5.8 | EPSS 0.00222
Exploits: 0 | References: 3

CVE
added 2025/10/06 12:0 a.m. | 12 views

CVE-2025-60959

The CVE-2025-60959 entry concerns OS Command Injection in EndRun Technologies Sonoma D12 Network Time Server (GPS) firmware. Affected product/version: Sonoma D12 NTP GPS F/W 6010-0071-000, Ver 4.00. Underlying cause is described as an OS command injection vulnerability, enabling attackers to disc...

CVSS 8.2 | AI score 6.9 | EPSS 0.01022
Exploits: 0 | References: 3 | Affected Software: 1

Positive Technologies
added 2025/09/25 12:0 a.m. | 3 views

PT-2025-39434

Name of the Vulnerable Software and Affected Versions: TOTOLINK N600R firmware version 4.3.0cu.7866 B2022506. Description: A NULL pointer dereference exists in the TOTOLINK N600R firmware. This issue can be exploited by attackers to cause a Denial of Service. A NULL pointer dereference occurs when a...

CVSS 5.3 | AI score 6.6 | EPSS 0.00359
Exploits: 1 | References: 5

OSV
added 2025/08/28 6:15 p.m. | 1 view

CVE-2025-57218

Tenda AC10 v4.0 firmware v16.03.10.09multiTDE01 was discovered to contain a stack overflow via the security5g parameter in the function sub46284C...

CVSS 5.3 | AI score 5.9 | EPSS 0.00546
Exploits: 1 | References: 1

Cvelist
added 2025/08/12 4:58 p.m. | 5 views

CVE-2025-24296

Improper input validation in some firmware for the Intel(R) E810 Ethernet before version 4.6 may allow a privileged user to enable denial of service via local access...

CVSS 6 | EPSS 0.0014
Exploits: 0 | References: 1

OSV
added 2025/05/13 4:15 p.m. | 2 views

CVE-2025-45858

TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a command injection vulnerability via the FUN00459fdc function...

CVSS 9.8 | AI score 5.8 | EPSS 0.09139
Exploits: 1 | References: 2

CNNVD
added 2024/10/24 12:0 a.m. | 9 views

GL.iNet multiple products security vulnerability

GL.iNet MT3000 and others are products of China's GL.iNet. GL.iNet MT3000 is an AX3000 portable router that uses the Wi-Fi 6 protocol. GL.iNet AX1800 is a wireless router. GL.iNet AXT1800 is a router. A security vulnerability exists in several GL.iNet products. An attacker can exploit the...

CVSS 8.8 | AI score 7 | EPSS 0.00647
Exploits: 1 | References: 1