VYPR

CVE-issues

by Gl Inet

CVEs (5)

  • CVE-2023-31475CriMay 11, 2023
    risk 0.65cvss 9.8epss 0.14

    An issue was discovered on GL.iNet devices before 3.216. The function guci2_get() found in libglutil.so has a buffer overflow when an item is requested from a UCI context, and the value is pasted into a char pointer to a buffer without checking the size of the buffer.

  • CVE-2023-50921CriJan 3, 2024
    risk 0.64cvss 9.8epss 0.01

    An issue was discovered on GL.iNet devices through 4.5.0. Attackers can invoke the add_user interface in the system module to gain root privileges. This affects A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000 4.4.6, MT2500 4.4.6, MT6000 4.5.0, MT1300 4.3.7, MT300N-V2 4.3.7,…

  • CVE-2023-31478HigMay 9, 2023
    risk 0.51cvss 7.5epss 0.30

    An issue was discovered on GL.iNet devices before 3.216. An API endpoint reveals information about the Wi-Fi configuration, including the SSID and key.

  • CVE-2023-31476HigMay 9, 2023
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered on GL.iNet devices running firmware before 3.216. There is an arbitrary file write in which an empty file can be created almost anywhere on the filesystem, as long as the filename and path is no more than 6 characters (the working directory is /www).

  • CVE-2023-50922HigJan 3, 2024
    risk 0.47cvss 7.2epss 0.01

    An issue was discovered on GL.iNet devices through 4.5.0. Attackers who are able to steal the AdminToken cookie can execute arbitrary code by uploading a crontab-formatted file to a specific directory and waiting for its execution. This affects A1300 4.4.6, AX1800 4.4.6, AXT1800…