Gl-inet CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (54 CVEs found)

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2023-47463	1 Gl-inet	2 Gl-ax1800, Gl-ax1800 Firmware	2024-11-21	9.8 Critical
Insecure Permissions vulnerability in GL.iNet AX1800 version 4.0.0 before 4.5.0 allows a remote attacker to execute arbitrary code via a crafted script to the gl_nas_sys authentication function.
CVE-2023-47462	1 Gl-inet	2 Gl-ax1800, Gl-ax1800 Firmware	2024-11-21	9.8 Critical
Insecure Permissions vulnerability in GL.iNet AX1800 v.3.215 and before allows a remote attacker to execute arbitrary code via the file sharing function.
CVE-2023-46456	1 Gl-inet	2 Gl-ar300m, Gl-ar300m Firmware	2024-11-21	9.8 Critical
In GL.iNET GL-AR300M routers with firmware 3.216 it is possible to inject arbitrary shell commands through the OpenVPN client file upload functionality.
CVE-2023-46455	1 Gl-inet	2 Gl-ar300m, Gl-ar300m Firmware	2024-11-21	7.5 High
In GL.iNET GL-AR300M routers with firmware v4.3.7 it is possible to write arbitrary files through a path traversal attack in the OpenVPN client file upload functionality.
CVE-2023-46454	1 Gl-inet	2 Gl-ar300m, Gl-ar300m Firmware	2024-11-21	9.8 Critical
In GL.iNET GL-AR300M routers with firmware v4.3.7, it is possible to inject arbitrary shell commands through a crafted package name in the package information functionality.
CVE-2021-44148	1 Gl-inet	2 Gl-ar150, Gl-ar150 Firmware	2024-11-21	6.1 Medium
GL.iNet GL-AR150 2.x before 3.x devices, configured as repeaters, allow cgi-bin/router_cgi?action=scanwifi XSS when an attacker creates an SSID with an XSS payload as the name.
CVE-2019-6275	1 Gl-inet	2 Gl-ar300m-lite, Gl-ar300m-lite Firmware	2024-11-21	N/A
Command injection vulnerability in firmware_cgi in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to execute arbitrary code.
CVE-2019-6274	1 Gl-inet	2 Gl-ar300m-lite, Gl-ar300m-lite Firmware	2024-11-21	N/A
Directory traversal vulnerability in storage_cgi in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to have unspecified impact via directory traversal sequences.
CVE-2019-6273	1 Gl-inet	2 Gl-ar300m-lite, Gl-ar300m-lite Firmware	2024-11-21	N/A
download_file in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to download arbitrary files.
CVE-2019-6272	1 Gl-inet	2 Gl-ar300m-lite, Gl-ar300m-lite Firmware	2024-11-21	N/A
Command injection vulnerability in login_cgi in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to execute arbitrary code.
CVE-2024-39226	1 Gl-inet	56 A1300, A1300 Firmware, Ap1300 and 53 more	2024-11-12	4.3 Medium
GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain a vulnerability can be exploited to manipulate routers by passing malicious shell commands through the s2s API.
CVE-2024-39228	1 Gl-inet	57 A1300, A1300 Firmware, Ap1300 and 54 more	2024-08-15	9.8 Critical
GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain a shell injection vulnerability via the interface check_ovpn_client_config and check_config.
CVE-2024-39227	1 Gl-inet	77 A1300, A1300 Firmware, Ap1300 and 74 more	2024-08-15	9.8 Critical
GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain insecure permissions in the endpoint /cgi-bin/glc. This vulnerability allows unauthenticated attackers to execute arbitrary code or possibly a directory traversal via crafted JSON data.
CVE-2024-39225	1 Gl-inet	56 A1300, A1300 Firmware, Ap1300 and 53 more	2024-08-15	9.8 Critical
GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain a remote code execution (RCE) vulnerability.

« first previous Page 3 of 3.