Gl-inet Gl-mt300n-v2
13 CVEs affecting Gl-inet Gl-mt300n-v2. Latest disclosed: 2024-01-12. Critical: 4, High: 6.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2023-50919 | Critical | 9.8 | 2024-01-12 | An issue was discovered on GL.iNet devices before version 4.5.0. There is an NGINX authentication bypass via Lua string pattern matching. This affects A1300 4… |
CVE-2023-50921 | Critical | 9.8 | 2024-01-03 | An issue was discovered on GL.iNet devices through 4.5.0. Attackers can invoke the add_user interface in the system module to gain root privileges. This affect… |
CVE-2023-31475 | Critical | 9.8 | 2023-05-11 | An issue was discovered on GL.iNet devices before 3.216. The function guci2_get() found in libglutil.so has a buffer overflow when an item is requested from a… |
CVE-2023-31471 | Critical | 9.8 | 2023-05-10 | An issue was discovered on GL.iNet devices before 3.216. Through the software installation feature, it is possible to install arbitrary software, such as a rev… |
CVE-2023-50445 | High | 7.8 | 2023-12-28 | Shell Injection vulnerability GL.iNet A1300 v4.4.6, AX1800 v4.4.6, AXT1800 v4.4.6, MT3000 v4.4.6, MT2500 v4.4.6, MT6000 v4.5.0, MT1300 v4.3.7, MT300N-V2 v4.3.7… |
CVE-2023-31477 | High | 7.5 | 2023-05-11 | A path traversal issue was discovered on GL.iNet devices before 3.216. Through the file sharing feature, it is possible to share an arbitrary directory, such a… |
CVE-2023-31478 | High | 7.5 | 2023-05-09 | An issue was discovered on GL.iNet devices before 3.216. An API endpoint reveals information about the Wi-Fi configuration, including the SSID and key. |
CVE-2023-31474 | High | 7.5 | 2023-05-09 | An issue was discovered on GL.iNet devices before 3.216. Through the software installation feature, it is possible to inject arbitrary parameters in a request… |
CVE-2023-31472 | High | 7.5 | 2023-05-09 | An issue was discovered on GL.iNet devices before 3.216. There is an arbitrary file write in which an empty file can be created anywhere on the filesystem. Thi… |
CVE-2023-50922 | High | 7.2 | 2024-01-03 | An issue was discovered on GL.iNet devices through 4.5.0. Attackers who are able to steal the AdminToken cookie can execute arbitrary code by uploading a cront… |
CVE-2022-31898 | Medium | 6.8 | 2022-10-27 | gl-inet GL-MT300N-V2 Mango v3.212 and GL-AX1800 Flint v3.214 were discovered to contain multiple command injection vulnerabilities via the ping_addr and trace_… |
CVE-2023-50920 | Medium | 5.5 | 2024-01-12 | An issue was discovered on GL.iNet devices before version 4.5.0. They assign the same session ID after each user reboot, allowing attackers to share session id… |
CVE-2023-31473 | Medium | 4.9 | 2023-05-11 | An issue was discovered on GL.iNet devices before 3.216. There is an arbitrary file write in which an empty file can be created anywhere on the filesystem. Thi… |