Lucene search
+L

23 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/08 12:0 a.m.8 views

CVE-2023-46453

Certain GL.iNet devices with 4.x firmware allow authentication bypass resulting in administrative control of the device via a username that is both a valid SQL statement and a valid regular expression. For example, this affects version 4.3.7 on GL-MT3000 GL-AR300M GL-B1300 GL-AX1800 GL-AR750S...

5.9AI score0.00764EPSS
Exploits3References2
RedhatCVE
RedhatCVE
added 2026/01/09 10:58 a.m.7 views

CVE-2025-67090

The LuCI web interface on Gl Inet GL.Inet AX1800 Version 4.6.4 & 4.6.8 are vulnerable. Fix available in version 4.8.2 GL.Inet AX1800 Version 4.6.4 & 4.6.8 lacks rate limiting or account lockout mechanisms on the authentication endpoint /cgi-bin/luci. An unauthenticated attacker on the local netwo...

5.1CVSS7.2AI score0.00214EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:58 a.m.6 views

CVE-2025-67089

A command injection vulnerability exists in the GL-iNet GL-AXT1800 router firmware v4.6.8. The vulnerability is present in the plugins.installpackage RPC method, which fails to properly sanitize user input in package names. Authenticated attackers can exploit this to execute arbitrary commands wi...

8.1CVSS8.3AI score0.01426EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:58 a.m.9 views

CVE-2025-67091

An issue in GL Inet GL.Inet AX1800 Version 4.6.4 & 4.6.8 are vulnerable. GL.Inet AX1800 Version 4.6.4 & 4.6.8 in the GL.iNet custom opkg wrapper script located at /usr/libexec/opkg-call. The script is executed with root privileges when triggered via the LuCI web interface or authenticated API cal...

6.5CVSS7.1AI score0.02981EPSS
Exploits1References1
OSV
OSV
added 2026/01/08 4:15 p.m.9 views

CVE-2025-67090

The LuCI web interface on Gl Inet GL.Inet AX1800 Version 4.6.4 & 4.6.8 are vulnerable. Fix available in version 4.8.2 GL.Inet AX1800 Version 4.6.4 & 4.6.8 lacks rate limiting or account lockout mechanisms on the authentication endpoint /cgi-bin/luci. An unauthenticated attacker on the local netwo...

5.1CVSS5.8AI score
Exploits0References3
NVD
NVD
added 2026/01/08 4:15 p.m.10 views

CVE-2025-67091

An issue in GL Inet GL.Inet AX1800 Version 4.6.4 & 4.6.8 are vulnerable. GL.Inet AX1800 Version 4.6.4 & 4.6.8 in the GL.iNet custom opkg wrapper script located at /usr/libexec/opkg-call. The script is executed with root privileges when triggered via the LuCI web interface or authenticated API cal...

6.5CVSS0.02981EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/01/08 12:0 a.m.3 views

CVE-2025-67091

An issue in GL Inet GL.Inet AX1800 Version 4.6.4 & 4.6.8 are vulnerable. GL.Inet AX1800 Version 4.6.4 & 4.6.8 in the GL.iNet custom opkg wrapper script located at /usr/libexec/opkg-call. The script is executed with root privileges when triggered via the LuCI web interface or authenticated API cal...

6.7AI score0.02981EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/01/08 12:0 a.m.5 views

CVE-2025-67090

The LuCI web interface on Gl Inet GL.Inet AX1800 Version 4.6.4 & 4.6.8 are vulnerable. Fix available in version 4.8.2 GL.Inet AX1800 Version 4.6.4 & 4.6.8 lacks rate limiting or account lockout mechanisms on the authentication endpoint /cgi-bin/luci. An unauthenticated attacker on the local netwo...

6.8AI score0.00214EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/01/08 12:0 a.m.27 views

CVE-2025-67089

A command injection vulnerability exists in the GL-iNet GL-AXT1800 router firmware v4.6.8. The vulnerability is present in the plugins.installpackage RPC method, which fails to properly sanitize user input in package names. Authenticated attackers can exploit this to execute arbitrary commands wi...

0.01426EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/01/08 12:0 a.m.28 views

CVE-2025-67090

The LuCI web interface on Gl Inet GL.Inet AX1800 Version 4.6.4 & 4.6.8 are vulnerable. Fix available in version 4.8.2 GL.Inet AX1800 Version 4.6.4 & 4.6.8 lacks rate limiting or account lockout mechanisms on the authentication endpoint /cgi-bin/luci. An unauthenticated attacker on the local netwo...

0.00214EPSS
Exploits1References3
CVE
CVE
added 2026/01/08 12:0 a.m.19 views

CVE-2025-67090

GL.iNet AX1800 devices running firmware 4.6.4 or 4.6.8 are affected by CVE-2025-67090 due to lack of rate limiting or account lockout on the LuCI authentication endpoint (/cgi-bin/luci). This allows an unauthenticated attacker on the local network to perform unlimited password attempts against th...

5.1CVSS6.8AI score0.00214EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2026/01/08 12:0 a.m.26 views

CVE-2025-67089

CVE-2025-67089 affects the GL‑iNet GL‑AXT1800 router firmware v4.6.8. The vulnerability is in the plugins.install_package RPC method , which does not sufficiently sanitize the package name, allowing authenticated attackers to execute arbitrary commands with root privileges. The entry lists a CVSS...

8.1CVSS7.8AI score0.01426EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2025/11/24 4:15 p.m.13 views

CVE-2025-44018

A firmware downgrade vulnerability exists in the OTA Update functionality of GL-Inet GL-AXT1800 4.7.0. A specially crafted .tar file can lead to a firmware downgrade. An attacker can perform a man-in-the-middle attack to trigger this vulnerability...

8.3CVSS0.00223EPSS
Exploits0References2
CVE
CVE
added 2025/11/24 3:11 p.m.22 views

CVE-2025-44018

CVE-2025-44018 affects the GL.iNet GL-AXT1800 OTA Update mechanism (firmware 4.7.0). A specially crafted .tar enables a firmware downgrade, which a motivated attacker could trigger via a man‑in‑the‑middle scenario. Cisco Talos documents the vulnerable version (GL-AXT1800 4.7.0) and assigns CVSS v...

8.3CVSS6.5AI score0.00223EPSS
Exploits0References2
Talos
Talos
added 2025/11/24 12:0 a.m.13 views

GL-Inet GL-AXT1800 OTA Update firmware downgrade vulnerability

Talos Vulnerability Report TALOS-2025-2230 GL-Inet GL-AXT1800 OTA Update firmware downgrade vulnerability November 24, 2025 CVE Number CVE-2025-44018 SUMMARY A firmware downgrade vulnerability exists in the OTA Update functionality of GL-Inet GL-AXT1800 4.7.0. A specially crafted .tar file can le...

8.3CVSS9.2AI score0.00223EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2024/10/24 12:0 a.m.6 views

PT-2024-31519 · Gl.Inet · Gl-Inet Mt6000 +3

Name of the Vulnerable Software and Affected Versions: GL-iNet MT6000 version 4.6.2 GL-iNet MT3000 version 4.6.2 GL-iNet MT2500 version 4.6.2 GL-iNet AXT1800 version 4.6.2 GL-iNet AX1800 version 4.6.2 Description: An issue was discovered on certain GL-iNet devices. The params parameter in the cal...

8.8CVSS7.5AI score0.00647EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2024/08/23 12:0 a.m.10 views

PT-2024-31518 · Gl.Inet · Gl-Inet Mt6000 +3

Name of the Vulnerable Software and Affected Versions: GL-iNet MT6000 version 4.6.2 GL-iNet MT3000 version 4.6.2 GL-iNet MT2500 version 4.6.2 GL-iNet AXT1800 version 4.6.2 GL-iNet AX1800 version 4.6.2 Description: An issue was discovered on certain GL-iNet devices. The SID generated for a specifi...

8CVSS6.8AI score0.0048EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2023/12/27 12:0 a.m.9 views

PT-2023-8749 · Gl.Inet · Gl-Inet Mt1300 +8

Name of the Vulnerable Software and Affected Versions: GL.iNet A1300 versions 4.4.6 GL.iNet AX1800 versions 4.4.6 GL.iNet AXT1800 versions 4.4.6 GL.iNet MT3000 versions 4.4.6 GL.iNet MT2500 versions 4.4.6 GL.iNet MT6000 versions 4.5.0 GL.iNet MT1300 versions 4.3.7 GL.iNet MT300N-V2 versions 4.3.7...

7.8CVSS9.7AI score0.09123EPSS
Exploits4References15
ATTACKERKB
ATTACKERKB
added 2023/11/30 5:15 a.m.5 views

CVE-2023-47464

Insecure Permissions vulnerability in GL.iNet AX1800 version 4.0.0 before 4.5.0 allows a remote attacker to execute arbitrary code via the upload API function...

8.8CVSS7.7AI score0.22593EPSS
Exploits2References2
OSV
OSV
added 2023/11/30 5:15 a.m.5 views

CVE-2023-47463

Insecure Permissions vulnerability in GL.iNet AX1800 version 4.0.0 before 4.5.0 allows a remote attacker to execute arbitrary code via a crafted script to the glnassys authentication function...

9.8CVSS6.1AI score0.01277EPSS
Exploits0References1
Rows per page
Query Builder