6 matches found
CVE-2023-46453
Certain GL.iNet devices with 4.x firmware allow authentication bypass resulting in administrative control of the device via a username that is both a valid SQL statement and a valid regular expression. For example, this affects version 4.3.7 on GL-MT3000 GL-AR300M GL-B1300 GL-AX1800 GL-AR750S...
PT-2023-8749 · Gl.Inet · Gl-Inet Mt1300 +8
Name of the Vulnerable Software and Affected Versions: GL.iNet A1300 versions 4.4.6 GL.iNet AX1800 versions 4.4.6 GL.iNet AXT1800 versions 4.4.6 GL.iNet MT3000 versions 4.4.6 GL.iNet MT2500 versions 4.4.6 GL.iNet MT6000 versions 4.5.0 GL.iNet MT1300 versions 4.3.7 GL.iNet MT300N-V2 versions 4.3.7...
CVE-2023-46455
In GL.iNET GL-AR300M routers with firmware v4.3.7 it is possible to write arbitrary files through a path traversal attack in the OpenVPN client file upload functionality...
CVE-2023-46456
In GL.iNET GL-AR300M routers with firmware 3.216 it is possible to inject arbitrary shell commands through the OpenVPN client file upload functionality...
CVE-2023-46454
In GL.iNET GL-AR300M routers with firmware v4.3.7, it is possible to inject arbitrary shell commands through a crafted package name in the package information functionality...
PT-2023-30033 · Gl.Inet · Gl-Ar300M
Name of the Vulnerable Software and Affected Versions: GL.iNET GL-AR300M version 4.3.7 Description: The issue allows an attacker to write arbitrary files through a path traversal attack in the OpenVPN client file upload functionality. This can potentially lead to unauthorized access and...