7 matches found
CVE-2023-46454
In GL.iNET GL-AR300M routers with firmware v4.3.7, it is possible to inject arbitrary shell commands through a crafted package name in the package information functionality...
CVE-2023-46455
In GL.iNET GL-AR300M routers with firmware v4.3.7 it is possible to write arbitrary files through a path traversal attack in the OpenVPN client file upload functionality...
Path traversal
In GL.iNET GL-AR300M routers with firmware v4.3.7 it is possible to write arbitrary files through a path traversal attack in the OpenVPN client file upload functionality...
CVE-2023-46455
In GL.iNET GL-AR300M routers with firmware v4.3.7 it is possible to write arbitrary files through a path traversal attack in the OpenVPN client file upload functionality...
CVE-2023-46454
In GL.iNET GL-AR300M routers with firmware v4.3.7, it is possible to inject arbitrary shell commands through a crafted package name in the package information functionality...
CVE-2023-46455
In GL.iNET GL-AR300M routers with firmware v4.3.7 it is possible to write arbitrary files through a path traversal attack in the OpenVPN client file upload functionality...
CVE-2023-46455
GL.iNet GL-AR300M routers on firmware 4.3.7 are affected by CVE-2023-46455 due to a path traversal in the OpenVPN client file upload, enabling arbitrary file writes. Evidence from multiple sources (NVD/NVD-derived entries, Red Hat, Nuclei template, and Exploit-DB) confirms an unauthenticated path...