Gl-ar300m CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (25 CVEs found)

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2024-45261	1 Gl-inet	20 Gl-a1300 Firmware, Gl-ar300m16 Firmware, Gl-ar300m Firmware and 17 more	2024-10-28	8 High
An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. The SID generated for a specific user is not tied to that user itself, which allows other users to potentially use it for authentication. Once an attacker bypasses the application's authentication procedures, they can generate a valid SID, escalate privileges, and gain full control.
CVE-2024-45260	1 Gl-inet	20 Gl-a1300 Firmware, Gl-ar300m16 Firmware, Gl-ar300m Firmware and 17 more	2024-10-28	8 High
An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. Users who belong to unauthorized groups can invoke any interface of the device, thereby gaining complete control over it.
CVE-2024-45259	1 Gl-inet	20 Gl-a1300 Firmware, Gl-ar300m16 Firmware, Gl-ar300m Firmware and 17 more	2024-10-28	6.5 Medium
An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. By intercepting an HTTP request and changing the filename property in the download interface, any file on the device can be deleted.
CVE-2024-45263	1 Gl-inet	20 Gl-a1300 Firmware, Gl-ar300m16 Firmware, Gl-ar300m Firmware and 17 more	2024-10-28	8.8 High
An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. The upload interface allows the uploading of arbitrary files to the device. Once the device executes the files, it can lead to information leakage, enabling complete control.
CVE-2024-39227	1 Gl-inet	77 A1300, A1300 Firmware, Ap1300 and 74 more	2024-08-15	9.8 Critical
GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain insecure permissions in the endpoint /cgi-bin/glc. This vulnerability allows unauthenticated attackers to execute arbitrary code or possibly a directory traversal via crafted JSON data.

« first previous Page 2 of 2.