Shodan
Vulnerabilities
Vulnerable Software
Gl-Inet:  Security Vulnerabilities
CVE-2023-31478
An issue was discovered on GL.iNet devices before 3.216. An API endpoint reveals information about the Wi-Fi configuration, including the SSID and key.
CVSS Score
7.5
EPSS Score
0.799
Published
2023-05-09
CVE-2023-31472
An issue was discovered on GL.iNet devices before 3.216. There is an arbitrary file write in which an empty file can be created anywhere on the filesystem. This is caused by a command injection vulnerability with a filter applied.
CVSS Score
7.5
EPSS Score
0.285
Published
2023-05-09
CVE-2023-31474
An issue was discovered on GL.iNet devices before 3.216. Through the software installation feature, it is possible to inject arbitrary parameters in a request to cause opkg to obtain a list of files in a specific directory, by using the regex feature in a package name.
CVSS Score
7.5
EPSS Score
0.002
Published
2023-05-09
CVE-2023-31476
An issue was discovered on GL.iNet devices running firmware before 3.216. There is an arbitrary file write in which an empty file can be created almost anywhere on the filesystem, as long as the filename and path is no more than 6 characters (the working directory is /www).
CVSS Score
7.5
EPSS Score
0.001
Published
2023-05-09
CVE-2023-29778
GL.iNET MT3000 4.1.0 Release 2 is vulnerable to OS Command Injection via /usr/lib/oui-httpd/rpc/logread.
CVSS Score
9.8
EPSS Score
0.254
Published
2023-05-02
CVE-2022-44211
In GL.iNet Goodcloud 1.1 Incorrect access control allows a remote attacker to access/change devices' settings.
CVSS Score
7.4
EPSS Score
0.002
Published
2022-12-01
CVE-2022-44212
In GL.iNet Goodcloud 1.0, insecure design allows remote attacker to access devices' admin panel.
CVSS Score
5.9
EPSS Score
0.003
Published
2022-12-01
CVE-2022-42054
Multiple stored cross-site scripting (XSS) vulnerabilities in GL.iNet GoodCloud IoT Device Management System Version 1.00.220412.00 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Company Name and Description text fields.
CVSS Score
5.4
EPSS Score
0.003
Published
2022-10-27
CVE-2022-42055
Multiple command injection vulnerabilities in GL.iNet GoodCloud IoT Device Management System Version 1.00.220412.00 via the ping and traceroute tools allow attackers to read arbitrary files on the system.
CVSS Score
6.5
EPSS Score
0.032
Published
2022-10-27
CVE-2022-31898
gl-inet GL-MT300N-V2 Mango v3.212 and GL-AX1800 Flint v3.214 were discovered to contain multiple command injection vulnerabilities via the ping_addr and trace_addr function parameters.
CVSS Score
6.8
EPSS Score
0.378
Published
2022-10-27


Products
Pricing
Contact Us

Shodan ® - All rights reserved