Gl-mt2500 Firmware Security Vulnerabilities and Issues — Gl-mt2500 Firmware CVE List

Lucene search

Gl-inetGl-mt2500 Firmware

4 matches found

CVE•added 2024/01/12 8:15 a.m.•52 views

CVE-2023-50919

An issue was discovered on GL.iNet devices before version 4.5.0. There is an NGINX authentication bypass via Lua string pattern matching. This affects A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000 4.4.6, MT2500 4.4.6, MT6000 4.5.0, MT1300 4.3.7, MT300N-V2 4.3.7, AR750S 4.3.7, AR750 4.3.7, AR300M...

9.8CVSS9.7AI score0.43736EPSS

CVE•added 2024/01/03 8:15 a.m.•47 views

CVE-2023-50922

An issue was discovered on GL.iNet devices through 4.5.0. Attackers who are able to steal the AdminToken cookie can execute arbitrary code by uploading a crontab-formatted file to a specific directory and waiting for its execution. This affects A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000 4.4.6...

7.2CVSS7.4AI score0.00077EPSS

CVE•added 2024/01/03 9:15 a.m.•37 views

CVE-2023-50921

An issue was discovered on GL.iNet devices through 4.5.0. Attackers can invoke the add_user interface in the system module to gain root privileges. This affects A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000 4.4.6, MT2500 4.4.6, MT6000 4.5.0, MT1300 4.3.7, MT300N-V2 4.3.7, AR750S 4.3.7, AR750 4.3...

9.8CVSS9.5AI score0.00084EPSS

CVE•added 2024/01/12 8:15 a.m.•28 views

CVE-2023-50920

An issue was discovered on GL.iNet devices before version 4.5.0. They assign the same session ID after each user reboot, allowing attackers to share session identifiers between different sessions and bypass authentication or access control measures. Attackers can impersonate legitimate users or per...

5.5CVSS5.7AI score0.00011EPSS