CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2023-46454

In GL.iNET GL-AR300M routers with firmware v4.3.7, it is possible to inject arbitrary shell commands through a crafted package name in the package information functionality.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.157

EPSS Ranking 94.4%

CVSS Severity

CVSS v3 Score 9.8

References

https://cyberaz0r.info/2023/11/glinet-multiple-vulnerabilities/
https://cyberaz0r.info/2023/11/glinet-multiple-vulnerabilities/

Products affected by CVE-2023-46454

Gl-Inet » Gl-Ar300m » Version: N/A

cpe:2.3:h:gl-inet:gl-ar300m:-
Gl-Inet » Gl-Ar300m Firmware » Version: 4.3.7

cpe:2.3:o:gl-inet:gl-ar300m_firmware:4.3.7

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-46454

Products

Pricing

Contact Us