39 matches found
EUVD-2023-50669
Certain GL.iNet devices with 4.x firmware allow authentication bypass resulting in administrative control of the device via a username that is both a valid SQL statement and a valid regular expression. For example, this affects version 4.3.7 on GL-MT3000, GL-AR300M, GL-B1300, GL-AX1800, GL-AR750S...
PT-2024-2213
Name of the Vulnerable Software and Affected Versions: GL.iNet GL-A1300, GL.iNet GL-AX1800, GL.iNet GL-AXT1800, GL.iNet GL-MT3000, GL.iNet GL-MT2500, GL.iNet GL-MT6000, GL.iNet GL-MT1300, GL.iNet GL-MT300N-V2, GL.iNet GL-AR750S, GL.iNet GL-AR750, GL.iNet GL-AR300M, GL.iNet GL-B1300 Description: The issue is...
CVE-2023-46454
In GL.iNET GL-AR300M routers with firmware v4.3.7, it is possible to inject arbitrary shell commands through a crafted package name in the package information functionality...
Design/Logic Flaw
In GL.iNET GL-AR300M routers with firmware 3.216 it is possible to inject arbitrary shell commands through the OpenVPN client file upload functionality...
Path traversal
In GL.iNET GL-AR300M routers with firmware v4.3.7 it is possible to write arbitrary files through a path traversal attack in the OpenVPN client file upload functionality...
GL.iNet GL-AR300M Security Vulnerability
GL.iNet GL-AR300M is a modern mini smart router from China's GL.iNet. A security vulnerability in GL.iNet GL-AR300M version 3.216 allows attackers to inject arbitrary shell commands via the file upload function of the OpenVPN client...
CVE-2023-46456
GL.iNET GL-AR300M (firmware 3.216) is affected by CVE-2023-46456, where the OpenVPN client file upload functionality can be abused to inject arbitrary shell commands, leading to remote code execution per multiple sources. The vulnerability affects the OpenVPN client file upload path; no official ...
CVE-2023-46455
GL.iNet GL-AR300M routers on firmware 4.3.7 are affected by CVE-2023-46455 due to a path traversal in the OpenVPN client file upload, enabling arbitrary file writes. Evidence from multiple sources (NVD/NVD-derived entries, Red Hat, Nuclei template, and Exploit-DB) confirms an unauthenticated path...
CVE-2023-46454
CVE-2023-46454 affects GL.iNet GL-AR300M routers running firmware v4.3.7. A crafted package name in the package information feature allows arbitrary shell command injection, enabling RCE over the network with no user interaction. The vulnerability is rated CRITICAL (CVSS 3.1: AV:N/AC:L/PR:N/UI:N/...
CVE-2023-46455
In GL.iNET GL-AR300M routers with firmware v4.3.7 it is possible to write arbitrary files through a path traversal attack in the OpenVPN client file upload functionality...
Exploit for OS Command Injection in Gl-Inet Gl-Ar300M_Firmware
GL.iNet Multiple Vulnerabilities This repository contains the...
PT-2023-30034 · Gl.Inet · Gl-Ar300M
Name of the Vulnerable Software and Affected Versions: GL.iNET GL-AR300M version 3.216 Description: The issue allows for the injection of arbitrary shell commands through the OpenVPN client file upload functionality. This can potentially lead to remote code execution. Recommendations: For version...
CVE-2019-6273
downloadfile in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to download arbitrary files...
CVE-2019-6274
Directory traversal vulnerability in storagecgi in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to have unspecified impact via directory traversal sequences...
CVE-2019-6272
Command injection vulnerability in logincgi in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to execute arbitrary code...
CVE-2019-6275
Command injection vulnerability in firmwarecgi in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to execute arbitrary code...