Gl-inet Gl-ar750s
14 CVEs affecting Gl-inet Gl-ar750s. Latest disclosed: 2024-01-12. Critical: 4, High: 6.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2023-50919 | Critical | 9.8 | 2024-01-12 | An issue was discovered on GL.iNet devices before version 4.5.0. There is an NGINX authentication bypass via Lua string pattern matching. This affects A1300 4… |
| CVE-2023-50921 | Critical | 9.8 | 2024-01-03 | An issue was discovered on GL.iNet devices through 4.5.0. Attackers can invoke the add_user interface in the system module to gain root privileges. This affect… |
| CVE-2023-31475 | Critical | 9.8 | 2023-05-11 | An issue was discovered on GL.iNet devices before 3.216. The function guci2_get() found in libglutil.so has a buffer overflow when an item is requested from a… |
| CVE-2023-31471 | Critical | 9.8 | 2023-05-10 | An issue was discovered on GL.iNet devices before 3.216. Through the software installation feature, it is possible to install arbitrary software, such as a rev… |
| CVE-2023-50445 | High | 7.8 | 2023-12-28 | Shell Injection vulnerability GL.iNet A1300 v4.4.6, AX1800 v4.4.6, AXT1800 v4.4.6, MT3000 v4.4.6, MT2500 v4.4.6, MT6000 v4.5.0, MT1300 v4.3.7, MT300N-V2 v4.3.7… |
| CVE-2023-31477 | High | 7.5 | 2023-05-11 | A path traversal issue was discovered on GL.iNet devices before 3.216. Through the file sharing feature, it is possible to share an arbitrary directory, such a… |
| CVE-2023-31478 | High | 7.5 | 2023-05-09 | An issue was discovered on GL.iNet devices before 3.216. An API endpoint reveals information about the Wi-Fi configuration, including the SSID and key. |
| CVE-2023-31474 | High | 7.5 | 2023-05-09 | An issue was discovered on GL.iNet devices before 3.216. Through the software installation feature, it is possible to inject arbitrary parameters in a request… |
| CVE-2023-31472 | High | 7.5 | 2023-05-09 | An issue was discovered on GL.iNet devices before 3.216. There is an arbitrary file write in which an empty file can be created anywhere on the filesystem. Thi… |
| CVE-2023-50922 | High | 7.2 | 2024-01-03 | An issue was discovered on GL.iNet devices through 4.5.0. Attackers who are able to steal the AdminToken cookie can execute arbitrary code by uploading a cront… |
| CVE-2023-33620 | Medium | 5.9 | 2023-06-13 | GL.iNET GL-AR750S-Ext firmware v3.215 uses an insecure protocol in its communications which allows attackers to eavesdrop via a man-in-the-middle attack. |
| CVE-2023-33621 | Medium | 5.9 | 2023-06-13 | GL.iNET GL-AR750S-Ext firmware v3.215 inserts the admin authentication token into a GET request when the OpenVPN Server config file is downloaded. The token is… |
| CVE-2023-50920 | Medium | 5.5 | 2024-01-12 | An issue was discovered on GL.iNet devices before version 4.5.0. They assign the same session ID after each user reboot, allowing attackers to share session id… |
| CVE-2023-31473 | Medium | 4.9 | 2023-05-11 | An issue was discovered on GL.iNet devices before 3.216. There is an arbitrary file write in which an empty file can be created anywhere on the filesystem. Thi… |