CVE-2023-50921

An issue was discovered on GL.iNet devices through 4.5.0. Attackers can invoke the adduser interface in the system module to gain root privileges. This affects A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000 4.4.6, MT2500 4.4.6, MT6000 4.5.0, MT1300 4.3.7, MT300N-V2 4.3.7, AR750S 4.3.7, AR750...

CVE-2023-50922

An issue was discovered on GL.iNet devices through 4.5.0. Attackers who are able to steal the AdminToken cookie can execute arbitrary code by uploading a crontab-formatted file to a specific directory and waiting for its execution. This affects A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000...

CVE-2023-50922

An issue was discovered on GL.iNet devices through 4.5.0. Attackers who are able to steal the AdminToken cookie can execute arbitrary code by uploading a crontab-formatted file to a specific directory and waiting for its execution. This affects A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000...

Various GL.iNet products Security Breach

GL.iNet MT3000 and others are products of China-based GL.iNet GL.iNet.GL.iNet MT3000 is an AX3000 portable router that uses the Wi-Fi 6 protocol.GL.iNet MT2500 is a router.GL.iNet MT6000 is a router. A security vulnerability exists in various GL.iNet products that originated from a vulnerability...

Various GL.iNet products Security Breach

GL.iNet MT3000 and others are products of China's GL.iNet GL.iNet.GL.iNet MT3000 is an AX3000 portable router that uses the Wi-Fi 6 protocol.GL.iNet AR750S is a router.GL.iNet AR750 is a router.GL.iNet AR750 is a router. A security vulnerability exists in several GL.iNet products that originated...

CVE-2023-50445

Shell Injection vulnerability GL.iNet A1300 v4.4.6, AX1800 v4.4.6, AXT1800 v4.4.6, MT3000 v4.4.6, MT2500 v4.4.6, MT6000 v4.5.0, MT1300 v4.3.7, MT300N-V2 v4.3.7, AR750S v4.3.7, AR750 v4.3.7, AR300M v4.3.7, and B1300 v4.3.7., allows local attackers to execute arbitrary code via the getsystemlog and...

GL.iNet Multiple Products Operating System Command Injection Vulnerability

GL.iNet MT1300 and others are products of China's Guanglian Zhitong GL.iNet.GL.iNet MT1300 is a router.GL.iNet MT300N-V2 is a mini router.GL.iNet AR750S is a router. Operating system command injection vulnerability exists in several GL.iNet products. The vulnerability stems from the getsystemlog...

PT-2023-8749 · Gl.Inet · Gl-Inet Mt1300 +8

Name of the Vulnerable Software and Affected Versions: GL.iNet A1300 versions 4.4.6 GL.iNet AX1800 versions 4.4.6 GL.iNet AXT1800 versions 4.4.6 GL.iNet MT3000 versions 4.4.6 GL.iNet MT2500 versions 4.4.6 GL.iNet MT6000 versions 4.5.0 GL.iNet MT1300 versions 4.3.7 GL.iNet MT300N-V2 versions 4.3.7...

PT-2023-8297 · Gl.Inet +1 · Gl.Inet +1

Name of the Vulnerable Software and Affected Versions: GL.iNet devices versions prior to 4.5.0 Description: An issue was discovered in GL.iNet devices, where there is an NGINX authentication bypass via Lua string pattern matching. This allows a remote attacker to bypass authentication and gain...

CVE-2023-46456

In GL.iNET GL-AR300M routers with firmware 3.216 it is possible to inject arbitrary shell commands through the OpenVPN client file upload functionality...

CVE-2023-46454

In GL.iNET GL-AR300M routers with firmware v4.3.7, it is possible to inject arbitrary shell commands through a crafted package name in the package information functionality...

CVE-2023-46455

In GL.iNET GL-AR300M routers with firmware v4.3.7 it is possible to write arbitrary files through a path traversal attack in the OpenVPN client file upload functionality...

CVE-2023-46456

In GL.iNET GL-AR300M routers with firmware 3.216 it is possible to inject arbitrary shell commands through the OpenVPN client file upload functionality...

GL.iNet GL-AR300M Security Vulnerability

GL.iNet GL-AR300M is a modern mini smart router from China's GL.iNet. A security vulnerability exists in the GL.iNET GL-AR300M v4.3.7, which stems from the presence of a path traversal vulnerability that allows an attacker to write arbitrary files via the file upload function of the OpenVPN clien...

GL.iNet GL-AR300M Security Vulnerability

GL.iNet GL-AR300M is a modern mini smart router from China's GL.iNet. A security vulnerability exists in the GL.iNet GL-AR300M version 3.216, which originated from a vulnerability that allows attackers to inject arbitrary shell commands via the file upload function of the OpenVPN client...

Exploit for OS Command Injection in Gl-Inet Gl-Ar300M_Firmware

GL.iNet Multiple Vulnerabilities This repository contains the...

PT-2023-30033 · Gl.Inet · Gl-Ar300M

Name of the Vulnerable Software and Affected Versions: GL.iNET GL-AR300M version 4.3.7 Description: The issue allows an attacker to write arbitrary files through a path traversal attack in the OpenVPN client file upload functionality. This can potentially lead to unauthorized access and...

PT-2023-30034 · Gl.Inet · Gl-Ar300M

Name of the Vulnerable Software and Affected Versions: GL.iNET GL-AR300M version 3.216 Description: The issue allows for the injection of arbitrary shell commands through the OpenVPN client file upload functionality. This can potentially lead to remote code execution. Recommendations: For version...

CVE-2023-47464

Insecure Permissions vulnerability in GL.iNet AX1800 version 4.0.0 before 4.5.0 allows a remote attacker to execute arbitrary code via the upload API function...

CVE-2023-47463

Insecure Permissions vulnerability in GL.iNet AX1800 version 4.0.0 before 4.5.0 allows a remote attacker to execute arbitrary code via a crafted script to the glnassys authentication function...