CVE-2026-11452

GL.iNet GL-MT3000 (firmware ≤ 4.4.5) exposes a remote command-injection in the SET_USER_PWD Handler (function FUN_0042e200) via the /cgi-bin/glc interface. The vulnerability stems from manipulating the Password parameter, enabling remote execution of commands. Upgrading to firmware 4.8.1 is recom...

GL.iNet GL-MT3000 命令注入漏洞

GL.iNet GL-MT3000 is a portable travel router from the company GL.iNet, which supports Wi-Fi 6 and VPN functions. Versions of GL.iNet GL-MT3000 with a version number of 4.4.5 or earlier have a command injection vulnerability. This vulnerability stems from incorrect operations with the parameter...

CVE-2026-26795

GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulnerability via the module parameter in the M.getsystemlog function. This vulnerability allows attackers to execute arbitrary commands via a crafted input...

CVE-2026-32291

The GL-iNet Comet GL-RM1 KVM before 1.8.2 does not require authentication on the UART serial console. This attack requires physically opening the device and connecting to the UART pins...

9 Critical IP KVM Flaws Enable Unauthenticated Root Access Across Four Vendors

Cybersecurity researchers have warned about the risks posed by low-cost IP KVM Keyboard, Video, Mouse over Internet Protocol devices, which can grant attackers extensive control over compromised hosts. The nine vulnerabilities, discovered by Eclypsium , span four different products from GL-iNet...

EUVD-2026-11623

GL-iNet GL-AR300M16 v4.3.11 was discovered to contain multiple command injection vulnerabilities in the setupgrade function via the modemurl, targetversion, currentversion, firmwareupload, hashtype, hashvalue, and upgradetype parameters. These vulnerabilities allow attackers to execute arbitrary...

CVE-2026-26794

GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a SQL injection vulnerability via the addgroup function. This vulnerability allows attackers to execute arbitrary SQL database operations via a crafted HTTP request...

CVE-2020-12684

XXE injection can occur in i-net Clear Reports 2019 19.0.287 Designer, as used in i-net HelpDesk and other products, when XML input containing a reference to an external entity is processed by a weakly configured XML parser...

EUVD-2020-4980

Malware in sbrugna...

EUVD-2020-3785

Malware in sbrugna...

EUVD-2008-5941

Malware in sbrugna...

CVE-2020-11431

The documentation component in i-net Clear Reports 16.0 to 19.2, HelpDesk 8.0 to 8.3, and PDFC 4.3 to 6.2 allows a remote unauthenticated attacker to read arbitrary system files and directories on the target server via Directory Traversal...

The vulnerability of the File Sharing function on the administrator web panel of microprogramming router software GL.iNet GL-MT3000 allows a hacker to read arbitrary files.

The vulnerability of the File Sharing function on the administrator web panel of the GL.iNet GL-MT3000 router software relates to incorrect restrictions on the path name to the restricted directory. Exploiting this vulnerability could allow an attacker, operating remotely, to read arbitrary files...

CVE-2024-27356

An issue was discovered on certain GL-iNet devices. Attackers can download files such as logs via commands, potentially obtaining critical user information. This affects MT6000 4.5.5, XE3000 4.4.4, X3000 4.4.5, MT3000 4.5.0, MT2500 4.5.0, AXT1800 4.5.0, AX1800 4.5.0, A1300 4.5.0, S200 4.1.4-0300,...

CVE-2023-24261

A vulnerability in GL.iNET GL-E750 Mudi before firmware v3.216 allows authenticated attackers to execute arbitrary code via a crafted POST request...

GL.iNet devices 安全漏洞

GL.iNet devices are a series of hardware devices from China's Guanglian Zhitong GL.iNet company. A security vulnerability exists in GL.iNet devices prior to version 3.216, which can be exploited to install arbitrary software via the software installation feature...

CVE-2020-28150

CVE-2020-28150 affects I-Net Software Clear Reports 20.10.136 Web application. The vulnerability arises because a user-controlled input is used to specify a link to an external site and is subsequently used in a Redirect, enabling possible open-redirect behavior. Root cause: untrusted input used ...

I-Net Software Clear Reports 输入验证错误漏洞

I-net Software I-net software Clear Reports is a Java-based cross-platform reporting application from the German company I-net software I-net Software. The program supports the output of reports in PDF, HTML, PS and RTF formats. A security vulnerability exists in I-Net Software Clear Reports...

CVE-2020-12684

XXE injection can occur in i-net Clear Reports 2019 19.0.287 Designer, as used in i-net HelpDesk and other products, when XML input containing a reference to an external entity is processed by a weakly configured XML parser...

CVE-2020-12684

XXE injection can occur in i-net Clear Reports 2019 19.0.287 Designer, as used in i-net HelpDesk and other products, when XML input containing a reference to an external entity is processed by a weakly configured XML parser...