Gl-Inet: Security Vulnerabilities
Multiple command injection vulnerabilities in GL.iNet GoodCloud IoT Device Management System Version 1.00.220412.00 via the ping and traceroute tools allow attackers to read arbitrary files on the system.
CVSS Score
6.5
EPSS Score
0.071
Published
2022-10-27
gl-inet GL-MT300N-V2 Mango v3.212 and GL-AX1800 Flint v3.214 were discovered to contain multiple command injection vulnerabilities via the ping_addr and trace_addr function parameters.
CVSS Score
6.8
EPSS Score
0.15
Published
2022-10-27
GL.iNet GL-AR150 2.x before 3.x devices, configured as repeaters, allow cgi-bin/router_cgi?action=scanwifi XSS when an attacker creates an SSID with an XSS payload as the name.
CVSS Score
6.1
EPSS Score
0.002
Published
2021-12-07
Command injection vulnerability in login_cgi in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to execute arbitrary code.
CVSS Score
8.8
EPSS Score
0.053
Published
2019-03-21
download_file in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to download arbitrary files.
CVSS Score
6.5
EPSS Score
0.072
Published
2019-03-21
Directory traversal vulnerability in storage_cgi in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to have unspecified impact via directory traversal sequences.
CVSS Score
8.8
EPSS Score
0.038
Published
2019-03-21
Command injection vulnerability in firmware_cgi in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to execute arbitrary code.
CVSS Score
8.8
EPSS Score
0.053
Published
2019-03-21
Page 6