Gl-Inet: Security Vulnerabilities
GL.iNet GL-AR150 2.x before 3.x devices, configured as repeaters, allow cgi-bin/router_cgi?action=scanwifi XSS when an attacker creates an SSID with an XSS payload as the name.
CVSS Score
6.1
EPSS Score
0.002
Published
2021-12-07
Command injection vulnerability in login_cgi in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to execute arbitrary code.
CVSS Score
8.8
EPSS Score
0.07
Published
2019-03-21
download_file in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to download arbitrary files.
CVSS Score
6.5
EPSS Score
0.072
Published
2019-03-21
Directory traversal vulnerability in storage_cgi in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to have unspecified impact via directory traversal sequences.
CVSS Score
8.8
EPSS Score
0.038
Published
2019-03-21
Command injection vulnerability in firmware_cgi in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to execute arbitrary code.
CVSS Score
8.8
EPSS Score
0.07
Published
2019-03-21
Page 5