
884 matches found

Vulnrichment
added 2024/10/24 12:0 a.m., 7 views

CVE-2024-45262

An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. The params parameter in the call method of the /rpc endpoint is vulnerable to arbitrary directory traversal, which enables attackers to execute scripts under any path...

AI score: 7.3, EPSS: 0.00132
Exploits: 1, References: 1
CNNVD
added 2024/10/24 12:0 a.m., 1 view

GL.iNet multiple products security vulnerability

GL.iNet MT3000 and others are products of China's GL.iNet GL.iNet. GL.iNet MT3000 is an AX3000 portable router that uses the Wi-Fi 6 protocol. GL.iNet AX1800 is a wireless router. GL.iNet AXT1800 is a router. A security vulnerability exists in several GL.iNet products. An attacker exploiting this...

CVSS: 8, AI score: 6.8, EPSS: 0.03553
Exploits: 1, References: 1
Positive Technologies
added 2024/10/24 12:0 a.m., 1 view

PT-2024-31519 · Gl.Inet · Gl-Inet Mt6000 +3

Name of the Vulnerable Software and Affected Versions: GL-iNet MT6000 version 4.6.2 GL-iNet MT3000 version 4.6.2 GL-iNet MT2500 version 4.6.2 GL-iNet AXT1800 version 4.6.2 GL-iNet AX1800 version 4.6.2 Description: An issue was discovered on certain GL-iNet devices. The params parameter in the cal...

CVSS: 8.8, AI score: 7.5, EPSS: 0.00132
Exploits: 1, References: 4
Vulnrichment
added 2024/10/24 12:0 a.m., 14 views

CVE-2024-45260

An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. Users who belong to unauthorized groups can invoke any interface of the device, thereby gaining complete control over it...

AI score: 6.9, EPSS: 0.03553
Exploits: 1, References: 1
CVE
added 2024/10/24 12:0 a.m., 42 views

CVE-2024-45261

GL.iNet devices (MT6000/MT3000/MT2500/AXT1800/AX1800) with firmware 4.6.2 have a flaw where the SID generated for a user is not bound to that user, enabling other users to reuse it for authentication and potentially escalate privileges to full control after bypassing login. Reported by multiple s...

CVSS: 8, AI score: 7.5, EPSS: 0.00025
Exploits: 1, References: 1, Affected Software: 1
Cvelist
added 2024/10/24 12:0 a.m., 12 views

CVE-2024-45262

An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. The params parameter in the call method of the /rpc endpoint is vulnerable to arbitrary directory traversal, which enables attackers to execute scripts under any path...

EPSS: 0.00132
Exploits: 1, References: 1
CNNVD
added 2024/10/24 12:0 a.m., 2 views

GL.iNet multiple products security vulnerability

GL.iNet AX1800 and others are products of China Guanglian Zhitong GL.iNet company. GL.iNet AX1800 is a wireless router. GL.iNet AXT1800 is a router. GL.iNet MT6000 is a router. GL.iNet AXT1800 is a router. GL.iNet MT6000 is a router. GL.iNet MT6000 is a router. A security vulnerability exists in severa...

CVSS: 8, AI score: 6.7, EPSS: 0.00025
Exploits: 1, References: 1
Vulnrichment
added 2024/10/24 12:0 a.m., 16 views

CVE-2024-45261

An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. The SID generated for a specific user is not tied to that user itself, which allows other users to potentially use it for authentication. Once an attacker bypasses the application's...

AI score: 7.4, EPSS: 0.00025
Exploits: 1, References: 1
CVE
added 2024/10/24 12:0 a.m., 54 views

CVE-2024-45259

An issue in GL.iNet devices (MT6000, MT3000, MT2500, AXT1800, AX1800) running 4.6.2 allows deletion of any file via the download interface by intercepting an HTTP request and altering the filename property. The root cause is manipulation of the filename parameter in the download flow, leading to ...

CVSS: 6.5, AI score: 7.2, EPSS: 0.00027
Exploits: 1, References: 1, Affected Software: 1
CNNVD
added 2024/10/24 12:0 a.m., 2 views

GL.iNet multiple products security vulnerability

GL.iNet MT3000 and others are products of GL.iNet China. GL.iNet MT3000 is an AX3000 portable router using Wi-Fi 6 protocol. GL.iNet MT2500 is a router. GL.iNet MT6000 is a router. GL.iNet MT6000 is a router. A security vulnerability exists in several GL.iNet products. An attacker could exploit the...

CVSS: 6.5, AI score: 6.8, EPSS: 0.00027
Exploits: 1, References: 1
CNNVD
added 2024/10/24 12:0 a.m., 3 views

GL.iNet multiple products security vulnerability

GL.iNet MT3000 and others are products of China's GL.iNet GL.iNet. GL.iNet MT3000 is an AX3000 portable router that uses the Wi-Fi 6 protocol. GL.iNet AXT1800 is a router. GL.iNet MT2500 is a router. GL.iNet AXT1800 is a router. GL.iNet AXT1800 is a router. GL.iNet MT2500 is a router. GL.iNet MT2500 is ...

CVSS: 8.8, AI score: 6.5, EPSS: 0.0008
Exploits: 0, References: 1
Cvelist
added 2024/10/24 12:0 a.m., 9 views

CVE-2024-45261

An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. The SID generated for a specific user is not tied to that user itself, which allows other users to potentially use it for authentication. Once an attacker bypasses the application's...

EPSS: 0.00025
Exploits: 1, References: 1
Cvelist
added 2024/10/24 12:0 a.m., 10 views

CVE-2024-45263

An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. The upload interface allows the uploading of arbitrary files to the device. Once the device executes the files, it can lead to information leakage, enabling complete control...

EPSS: 0.0008
Exploits: 0, References: 1
Cvelist
added 2024/10/24 12:0 a.m., 13 views

CVE-2024-45259

An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. By intercepting an HTTP request and changing the filename property in the download interface, any file on the device can be deleted...

EPSS: 0.00027
Exploits: 1, References: 1
CVE
added 2024/10/24 12:0 a.m., 39 views

CVE-2024-45262

GL-iNet devices affected (MT6000, MT3000, MT2500, AXT1800, AX1800) on version 4.6.2 have a vulnerability in the /rpc call where the params parameter allows arbitrary directory traversal, enabling script execution under arbitrary paths. Affected components: the /rpc endpoint’s params parameter. Im...

CVSS: 8.8, AI score: 7.3, EPSS: 0.00132
Exploits: 1, References: 1, Affected Software: 1
SUSE CVE
added 2024/10/22 2:50 a.m., 1 view

SUSE CVE-2024-50038

In the Linux kernel, the following vulnerability has been resolved: netfilter: xtables: avoid NFPROTO_UNSPEC where needed syzbot managed to call xt_cluster match via ebtables: WARNING: CPU: 0 PID: 11 at net/netfilter/xt_cluster.c:72 xt_cluster_mt+0x196/0x780 .. ebt_do_table+0x174b/0x2a40 Module register...

CVSS: 5.5, AI score: 7.4, EPSS: 0.00012
Exploits: 0, References: 21
Vulnrichment
added 2024/10/21 8:6 p.m., 14 views

CVE-2022-49018 mptcp: fix sleep in atomic at close time

In the Linux kernel, the following vulnerability has been resolved: mptcp: fix sleep in atomic at close time Matt reported a splat at msk close time: BUG: sleeping function called from invalid context at net/mptcp/protocol.c:2877 inatomic: 1, irqsdisabled: 0, nonblock: 0, pid: 155, name:...

AI score: 7.1, EPSS: 0.00016
Exploits: 0, References: 2
Tenable Nessus
added 2024/10/14 12:0 a.m., 36 views

Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2024-12779)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-12779 advisory. - driver core: Fix ueventshow vs driver detach race Dan Williams Orabug: 37029154 CVE-2024-44952 - VMCI: Fix use-after-free when removing resource in...

CVSS: 7.8, AI score: 7.3, EPSS: 0.00035
Exploits: 0, References: 56
Redos
added 2024/10/11 12:0 a.m., 17 views

ROS-20241011-01

A vulnerability in the NFSD component of the Linux operating system kernel is related to a READDIR buffer overflow. Exploitation of the vulnerability could allow an attacker to cause a denial of service. A vulnerability in the dbgfs component of the Linux operating system kernel is related to...

CVSS: 7.8, AI score: 8.5, EPSS: 0.00038
Exploits: 8
OSV
added 2024/10/01 8:53 p.m., 1 view

CLSA-2024-1727816002 Fix of 60 CVEs

CVE-url: https://ubuntu.com/security/CVE-2024-26752 - l2tp: pass correct message length to ip6appenddata CVE-url: https://ubuntu.com/security/CVE-2023-52527 - ipv4, ipv6: Fix handling of transhdrlen in ip,6appenddata CVE-url: https://ubuntu.com/security/CVE-2024-43882 - exec: Fix ToCToU between...

CVSS: 8.4, AI score: 6.8, EPSS: 0.0003
Exploits: 1, References: 1