CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Gl-Inet: >> Gl-Axt1800 Firmware >> 4.2.0 Security Vulnerabilities

CVE-2025-67089

A command injection vulnerability exists in the GL-iNet GL-AXT1800 router firmware v4.6.8. The vulnerability is present in the `plugins.install_package` RPC method, which fails to properly sanitize user input in package names. Authenticated attackers can exploit this to execute arbitrary commands with root privileges

CVSS Score

8.1

EPSS Score

0.003

Published

2026-01-08

Page 1

Vulnerabilities

Vulnerable Software

Gl-Inet: >> Gl-Axt1800 Firmware >> 4.2.0 Security Vulnerabilities

Products

Pricing

Contact Us