225 matches found
GL.iNet <= 4.3.7 - Arbitrary File Write
GL.iNet = 4.3.7 is vulnerable to an arbitrary file write exploit, allowing an attacker to overwrite arbitrary system files. id: CVE-2023-46455 info: name: GL.iNet = 4.3.7 - Arbitrary File Write author: Zierax severity: high description: | GL.iNet = 4.3.7 is vulnerable to an arbitrary file write...
PT-2026-31635
A security flaw has been discovered in GL.iNet GL-RM1, GL-RM10, GL-RM10RC and GL-RM1PE 1.8.1. Affected by this issue is some unknown functionality of the component Factory Reset Handler. Performing a manipulation results in improper authentication. The attack can be initiated remotely. The...
Exploit for OS Command Injection in Gl-Inet Gl-Mt300N-V2_Firmware
GL-InjectoR: CVE-2022-31898 Authenticated Command Injection in...
CVE-2023-50922
An issue was discovered on GL.iNet devices through 4.5.0. Attackers who are able to steal the AdminToken cookie can execute arbitrary code by uploading a crontab-formatted file to a specific directory and waiting for its execution. This affects A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000...
CVE-2023-50445
Shell Injection vulnerability GL.iNet A1300 v4.4.6, AX1800 v4.4.6, AXT1800 v4.4.6, MT3000 v4.4.6, MT2500 v4.4.6, MT6000 v4.5.0, MT1300 v4.3.7, MT300N-V2 v4.3.7, AR750S v4.3.7, AR750 v4.3.7, AR300M v4.3.7, and B1300 v4.3.7., allows local attackers to execute arbitrary code via the getsystemlog and...
CVE-2023-31477
A path traversal issue was discovered on GL.iNet devices before 3.216. Through the file sharing feature, it is possible to share an arbitrary directory, such as /tmp or /etc, because there is no server-side restriction to limit sharing to the USB path...
CVE-2023-31478
An issue was discovered on GL.iNet devices before 3.216. An API endpoint reveals information about the Wi-Fi configuration, including the SSID and key...
CVE-2023-31474
An issue was discovered on GL.iNet devices before 3.216. Through the software installation feature, it is possible to inject arbitrary parameters in a request to cause opkg to obtain a list of files in a specific directory, by using the regex feature in a package name...
CVE-2022-42054
Multiple stored cross-site scripting XSS vulnerabilities in GL.iNet GoodCloud IoT Device Management System Version 1.00.220412.00 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Company Name and Description text fields...
CVE-2022-42055
Multiple command injection vulnerabilities in GL.iNet GoodCloud IoT Device Management System Version 1.00.220412.00 via the ping and traceroute tools allow attackers to read arbitrary files on the system...
PT-2026-1872
Name of the Vulnerable Software and Affected Versions GL.Inet GL.Inet AX1800 versions 4.6.4 and 4.6.8 Description An issue exists in the GL.iNet custom opkg wrapper script located at /usr/libexec/opkg-call within the GL.Inet AX1800. The script operates with root privileges when activated through...
GL.iNet AX1800 安全漏洞
The GL.iNet AX1800 is a wireless router from China's Guanglian Zhitong GL.iNet. A security vulnerability exists in the GL.iNet AX1800 version 4.6.4 and 4.6.8, which stems from a competing condition in the opkg wrapper script that could lead to elevated privileges...
Dell ControlVault, Lasso, GL.iNet vulnerabilities
Cisco Talos' Vulnerability Discovery & Research team recently disclosed five vulnerabilities in Dell ControlVault 3 firmware and its associated Windows software, four vulnerabilities in Entr'ouvert Lasso, and one vulnerability in GL.iNet Slate AX. The vulnerabilities mentioned in this blog post...
EUVD-2019-15839
Malware in sbrugna...
EUVD-2019-15841
Malware in sbrugna...
EUVD-2019-15838
Malware in sbrugna...
EUVD-2019-15840
Malware in sbrugna...
EUVD-2023-28318
Malicious code in bioql PyPI...
EUVD-2023-35782
Malicious code in bioql PyPI...
EUVD-2025-12488
Malicious code in bioql PyPI...