GL.iNet GL-AR300M

15 CVEs affecting GL.iNet GL-AR300M. Latest disclosed: 2024-01-12. Critical: 6, High: 7.

Top CVEs affecting GL.iNet GL-AR300M

| CVE | Severity | Score | Published | Summary |
| --- | --- | --- | --- | --- |
| CVE-2023-50919 | Critical | 9.8 | 2024-01-12 | An issue was discovered on GL.iNet devices before version 4.5.0. There is an NGINX authentication bypass via Lua string pattern matching. This affects A1300 4… |
| CVE-2023-50921 | Critical | 9.8 | 2024-01-03 | An issue was discovered on GL.iNet devices through 4.5.0. Attackers can invoke the add_user interface in the system module to gain root privileges. This affect… |
| CVE-2023-46456 | Critical | 9.8 | 2023-12-12 | In GL.iNET GL-AR300M routers with firmware 3.216 it is possible to inject arbitrary shell commands through the OpenVPN client file upload functionality. |
| CVE-2023-46454 | Critical | 9.8 | 2023-12-12 | In GL.iNET GL-AR300M routers with firmware v4.3.7, it is possible to inject arbitrary shell commands through a crafted package name in the package information… |
| CVE-2023-31475 | Critical | 9.8 | 2023-05-11 | An issue was discovered on GL.iNet devices before 3.216. The function guci2_get() found in libglutil.so has a buffer overflow when an item is requested from a… |
| CVE-2023-31471 | Critical | 9.8 | 2023-05-10 | An issue was discovered on GL.iNet devices before 3.216. Through the software installation feature, it is possible to install arbitrary software, such as a rev… |
| CVE-2023-50445 | High | 7.8 | 2023-12-28 | Shell Injection vulnerability GL.iNet A1300 v4.4.6, AX1800 v4.4.6, AXT1800 v4.4.6, MT3000 v4.4.6, MT2500 v4.4.6, MT6000 v4.5.0, MT1300 v4.3.7, MT300N-V2 v4.3.7… |
| CVE-2023-46455 | High | 7.5 | 2023-12-12 | In GL.iNET GL-AR300M routers with firmware v4.3.7 it is possible to write arbitrary files through a path traversal attack in the OpenVPN client file upload fun… |
| CVE-2023-31477 | High | 7.5 | 2023-05-11 | A path traversal issue was discovered on GL.iNet devices before 3.216. Through the file sharing feature, it is possible to share an arbitrary directory, such a… |
| CVE-2023-31478 | High | 7.5 | 2023-05-09 | An issue was discovered on GL.iNet devices before 3.216. An API endpoint reveals information about the Wi-Fi configuration, including the SSID and key. |
| CVE-2023-31474 | High | 7.5 | 2023-05-09 | An issue was discovered on GL.iNet devices before 3.216. Through the software installation feature, it is possible to inject arbitrary parameters in a request… |
| CVE-2023-31472 | High | 7.5 | 2023-05-09 | An issue was discovered on GL.iNet devices before 3.216. There is an arbitrary file write in which an empty file can be created anywhere on the filesystem. Thi… |
| CVE-2023-50922 | High | 7.2 | 2024-01-03 | An issue was discovered on GL.iNet devices through 4.5.0. Attackers who are able to steal the AdminToken cookie can execute arbitrary code by uploading a cront… |
| CVE-2023-50920 | Medium | 5.5 | 2024-01-12 | An issue was discovered on GL.iNet devices before version 4.5.0. They assign the same session ID after each user reboot, allowing attackers to share session id… |
| CVE-2023-31473 | Medium | 4.9 | 2023-05-11 | An issue was discovered on GL.iNet devices before 3.216. There is an arbitrary file write in which an empty file can be created anywhere on the filesystem. Thi… |