23 matches found
EUVD-2023-50669
Certain GL.iNet devices with 4.x firmware allow authentication bypass resulting in administrative control of the device via a username that is both a valid SQL statement and a valid regular expression. For example, this affects version 4.3.7 on GL-MT3000 GL-AR300M GL-B1300 GL-AX1800 GL-AR750S...
CVE-2013-3307
Linksys E1000 devices through 2.1.02, E1200 devices before 2.0.05, and E3200 devices through 1.0.04 allow OS command injection via shell metacharacters in the apply.cgi pingip parameter on TCP port 52000. Recent assessments: gwillcox-r7 at November 21, 2021 10:11pm UTC reported: Bug in Linksys...
CVE-2025-41427
WRC-X3000GS, WRC-X3000GSA, and WRC-X3000GSN contain an improper neutralization of special elements used in an OS command 'OS Command Injection' vulnerability in Connection Diagnostics page. If a remote authenticated attacker sends a specially crafted request to the affected product, an arbitrary ...
CVE-2025-41427
CVE-2025-41427 affects ELECOM WRC-X3000GS, WRC-X3000GSA, and WRC-X3000GSN (versions up to v1.0.34). The vulnerability is OS command injection on the Connection Diagnostics page caused by improper neutralization of special elements. A remote authenticated attacker can execute arbitrary OS commands...
CVE-2024-28077
A denial-of-service issue was discovered on certain GL-iNet devices. Some websites can detect devices exposed to the external network through DDNS, and consequently obtain the IP addresses and ports of devices that are exposed. By using special usernames and special characters such as half...
CVE-2024-39228
GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain a shell injection vulnerability via the interface...
CVE-2024-39225
GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain a remote code execution RCE vulnerability...
GL.iNet Multiple Products Security Vulnerability
GL.iNet MT300N-V2 and others are products of China's GL.iNet. GL.iNet MT300N-V2 is a mini router. GL.iNet AR750S is a router. GL.iNet AR750 is a router. A security vulnerability exists in various GL.iNet products. The vulnerability stems from the fact that an attack...
GL.iNet Multiple Products Path Traversal Vulnerability
GL.iNet MT300N-V2 and others are products of China's GL.iNet. GL.iNet MT300N-V2 is a mini router. GL.iNet AR750 is a router. GL.iNet AR300M is a router. A path traversal vulnerability exists in various GL.iNet products, which originates from an insecure privilege in the /cgi-bin/glc interface. Th...
CVE-2024-27356
CVE-2024-27356 affects GL.iNet devices (examples include MT6000 4.5.5, XE3000 4.4.4, X3000 4.4.5, MT3000 4.5.0, MT2500 4.5.0, and others listed). The issue allows an attacker to trigger commands that download files (e.g., logread.tar) from the device, potentially exposing critical user informatio...
Various GL.iNet products Security Breach
GL.iNet MT6000 and others are products of China's GL.iNet. GL.iNet MT6000 is a router. GL.iNet XE3000 is an intelligent router. A security vulnerability exists in several GL.iNet products, which stems from a vulnerability that allows an attacker to obtain critical user information by...
GL.iNet Unauthenticated Remote Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'digest/md5' class MetasploitModule 'GL.iNet Unauthenticated Remote Command Execution via the logread module.', 'Description' = %q A command injection...
PT-2023-31300 · Unknown · Wrc-X3000Gs
Name of the Vulnerable Software and Affected Versions: WRC-X3000GSN version 1.0.2 WRC-X3000GS versions 1.0.24 and earlier WRC-X3000GSA versions 1.0.24 and earlier Description: The issue allows a network-adjacent attacker with administrative privilege to execute an arbitrary OS command by sending ...
VulnCheck KEV: CVE-2013-3307
Linksys x3000 firmware is vulnerable to a command injection vulnerability via the pingip parameter...
Linksys X3000 1.0.03 build 001 - Multiple Vulnerabilities
No description provided by source. Device: X3000 Vendor: Linksys ============ Vulnerable Firmware Releases: ============ Firmware Version: v1.0.03 build 001 Jun 11,2012 ============ Vulnerability Overview: ============ OS Command Injection The vulnerability is caused by missing input validation i...
Linksys X3000 - Multiple Vulnerabilities
Device: X3000 Vendor: Linksys ============ Vulnerable Firmware Releases: ============ Firmware Version: v1.0.03 build 001 Jun 11,2012 ============ Vulnerability Overview: ============ OS Command Injection The vulnerability is caused by missing input validation in the pingip parameter and can be...
Linksys X3000 1.0.03 build 001 - Multiple Vulnerabilities
Linksys X3000 1.0.03 build 001 - Multiple Vulnerabilities Device: X3000 Vendor: Linksys ============ Vulnerable Firmware Releases: ============ Firmware Version: v1.0.03 build 001 Jun 11,2012 ============ Vulnerability Overview: ============ OS Command Injection The vulnerability is caused by...