4 matches found
CVE-2022-42055
GL.iNet GoodCloud IoT Device Management System v1.00.220412.00 is affected by multiple command-injection vulnerabilities in its ping and traceroute tools that allow an attacker to read arbitrary files. Exploitation requires network access with low privileges, and the issues are classified with a ...
CVE-2022-44211
GL.iNet Goodcloud 1.1 is affected by an improper access control vulnerability. The issue allows a remote attacker to access or change devices’ settings due to insufficient authorization checks in the Goodcloud component. Affected product: GL.iNet Goodcloud (version 1.1). Reported impact per conne...
CVE-2022-44212
CVE-2022-44212 affects GL.iNet Goodcloud 1.0. The vulnerability is described as an insecure design that allows a remote attacker to access the device management/admin panel. The cited metrics from NVD indicate a CVSS v3.1 base score of 5.9 (Medium) with Network attack vector, high attack complexi...
CVE-2022-42054
GL.iNet GoodCloud IoT Device Management System, v1.00.220412.00, contains multiple stored XSS vulnerabilities in the Company Name and Description fields. Root cause: insufficient input sanitization allowing injected scripts/HTML to be stored and later rendered. Impact per sources: potential arbit...