237 matches found
GL.iNet GoodCloud 跨站脚本漏洞
GL.iNet GoodCloud is an IoT device management system from China's Guanglian Zhitong GL.iNet. A cross-site scripting vulnerability exists in GL.iNet GoodCloud version 1.00.220412.00, which stems from the presence of multiple stored cross-site scripting XSS vulnerabilities that could allow an...
CVE-2022-42054
Multiple stored cross-site scripting XSS vulnerabilities in GL.iNet GoodCloud IoT Device Management System Version 1.00.220412.00 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Company Name and Description text fields...
CVE-2022-42055
Multiple command injection vulnerabilities in GL.iNet GoodCloud IoT Device Management System Version 1.00.220412.00 via the ping and traceroute tools allow attackers to read arbitrary files on the system...
CVE-2022-42054
Multiple stored cross-site scripting XSS vulnerabilities in GL.iNet GoodCloud IoT Device Management System Version 1.00.220412.00 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Company Name and Description text fields...
CVE-2022-42055
Multiple command injection vulnerabilities in GL.iNet GoodCloud IoT Device Management System Version 1.00.220412.00 via the ping and traceroute tools allow attackers to read arbitrary files on the system...
CVE-2022-42054
GL.iNet GoodCloud IoT Device Management System, v1.00.220412.00, contains multiple stored XSS vulnerabilities in the Company Name and Description fields. Root cause: insufficient input sanitization allowing injected scripts/HTML to be stored and later rendered. Impact per sources: potential arbit...
PT-2022-26224 · Gl.Inet · Gl.Inet Goodcloud Iot Device Management System
Name of the Vulnerable Software and Affected Versions: GL.iNet GoodCloud IoT Device Management System version 1.00.220412.00 Description: The issue concerns multiple stored cross-site scripting XSS vulnerabilities. These vulnerabilities allow attackers to execute arbitrary web scripts or HTML via...
CVE-2021-44148
GL.iNet GL-AR150 2.x before 3.x devices, configured as repeaters, allow cgi-bin/routercgi?action=scanwifi XSS when an attacker creates an SSID with an XSS payload as the name...
CVE-2021-44148
GL.iNet GL-AR150 2.x before 3.x devices configured as repeaters are affected by a cross‑site scripting (XSS) vulnerability in cgi-bin/router_cgi?action=scanwifi. An attacker can embed an XSS payload in the SSID name, triggering XSS. This is documented in CVE-2021-44148 (NVD/NVD-derived descriptio...
CVE-2019-6275
Command injection vulnerability in firmwarecgi in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to execute arbitrary code...
CVE-2019-6274
Directory traversal vulnerability in storagecgi in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to have unspecified impact via directory traversal sequences...
Command injection
Command injection vulnerability in firmwarecgi in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to execute arbitrary code...
Command injection
Command injection vulnerability in logincgi in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to execute arbitrary code...
CVE-2019-6275
GL-AR300M-Lite (firmware 2.27) is affected by CVE-2019-6275 due to a command injection vulnerability in the firmware_cgi component, enabling arbitrary code execution. Affected product: GL.iNet GL-AR300M-Lite; vulnerability source: CVE entry and corroborating exploit listings. Technical details ac...
CVE-2019-6274
CVE-2019-6274 affects GL.iNet GL-AR300M-Lite devices with firmware 2.27, due to a directory traversal vulnerability in storage_cgi. The issue allows remote attackers to influence the system via directory traversal sequences (reported impact as unspecified in the CVE description), with exploit ref...
CVE-2019-6273
downloadfile in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to download arbitrary files...
CVE-2019-6272
GL-AR300M-Lite devices (firmware 2.27) are affected by CVE-2019-6272 due to a vulnerability in login_cgi that enables authenticated command injection, potentially allowing arbitrary code execution. The issue is triggered after an attacker with prior login access sends crafted requests to login_cg...