Gl Inet

All CVEs

69 total · sorted by risk
  • CVE-2026-12187 · High · Jun 14, 2026
    risk 0.57 · cvss 8.8 · epss 0.02

    A security vulnerability has been detected in GL.iNet GL-MT3000 up to 4.4.5. Affected by this vulnerability is an unknown functionality of the file /usr/bin/one_click_upgrade of the component Online Firmware Upgrade Handler. Such manipulation leads to command injection. The…

  • CVE-2026-12186 · High · Jun 14, 2026
    risk 0.57 · cvss 8.8 · epss 0.02

    A weakness has been identified in GL.iNet GL-MT3000 up to 4.4.5. Affected is the function replace_country in the library /usr/lib/oui-httpd/rpc/tor of the component Tor Proxy Service Configuration Handler. This manipulation causes command injection. The attack can be initiated…

  • CVE-2025-44018 · High · Nov 24, 2025
    risk 0.54 · cvss 8.3 · epss 0.00

    A firmware downgrade vulnerability exists in the OTA Update functionality of GL-Inet GL-AXT1800 4.7.0. A specially crafted .tar file can lead to a firmware downgrade. An attacker can perform a man-in-the-middle attack to trigger this vulnerability.

  • CVE-2025-2851 · High · Apr 26, 2025
    risk 0.52 · cvss 8.0 · epss 0.00

    A vulnerability classified as critical has been found in GL.iNet GL-A1300 Slate Plus, GL-AR300M16 Shadow, GL-AR300M Shadow, GL-AR750 Creta, GL-AR750S-EXT Slate, GL-AX1800 Flint, GL-AXT1800 Slate AX, GL-B1300 Convexa-B, GL-B3000 Marble, GL-BE3600 Slate 7, GL-E750, GL-E750V2 Mudi,…

  • CVE-2026-32292 · High · Mar 17, 2026
    risk 0.49 · cvss 7.5 · epss 0.01

    The GL-iNet Comet (GL-RM1) KVM web interface does not limit login requests, enabling brute-force attempts to guess credentials.

  • CVE-2025-25685 · High · Mar 17, 2025
    risk 0.49 · cvss 7.5 · epss 0.00

    An issue was discovered in GL-INet Beryl AX GL-MT3000 v4.7.0. Attackers are able to download arbitrary files from the device's file system via adding symbolic links on an external drive used as a samba share.

  • CVE-2025-25684 · High · Mar 17, 2025
    risk 0.49 · cvss 7.5 · epss 0.00

    A lack of validation in the path parameter (/download) of GL-INet Beryl AX GL-MT3000 v4.7.0 allows attackers to download arbitrary files from the device's file system via a crafted POST request.

  • CVE-2026-11452 · High · Jun 7, 2026
    risk 0.48 · cvss 7.3 · epss 0.02

    A vulnerability has been found in GL.iNet GL-MT3000 up to 4.4.5. Affected is the function FUN_0042e200 of the file /cgi-bin/glc of the component SET_USER_PWD Handler. The manipulation of the argument Password leads to command injection. The attack can be initiated remotely.…

  • CVE-2026-11451 · High · Jun 7, 2026
    risk 0.48 · cvss 7.3 · epss 0.02

    A flaw has been found in GL.iNet GL-MT3000 4.4.5. This impacts the function snprintf of the file /cgi-bin/glc of the component FTP Protocol Handler. Executing a manipulation of the argument media_dir can lead to command injection. It is possible to launch the attack remotely.…

  • CVE-2026-11450 · High · Jun 7, 2026
    risk 0.48 · cvss 7.3 · epss 0.02

    A vulnerability was detected in GL.iNet GL-MT3000 4.4.5. This affects the function dlopen in the library /usr/lib/oui-httpd/rpc/ of the component Path Normalization Handler. Performing a manipulation of the argument dev_name results in command injection. It is possible to…

  • CVE-2026-32291 · Med · Mar 17, 2026
    risk 0.44 · cvss 6.8 · epss 0.00

    The GL-iNet Comet (GL-RM1) KVM before 1.8.2 does not require authentication on the UART serial console. This attack requires physically opening the device and connecting to the UART pins.

  • CVE-2026-5959 · Med · Apr 9, 2026
    risk 0.43 · cvss 6.6 · epss 0.01

    A security flaw has been discovered in GL.iNet GL-RM1, GL-RM10, GL-RM10RC and GL-RM1PE 1.8.1. Affected by this issue is some unknown functionality of the component Factory Reset Handler. Performing a manipulation results in improper authentication. The attack can be initiated…

  • CVE-2026-11449 · Med · Jun 7, 2026
    risk 0.41 · cvss 6.3 · epss 0.01

    A security vulnerability has been detected in GL.iNet GL-MT3000 4.4.5. The impacted element is the function rpc_sys of the file /cgi-bin/luci/rpc of the component LuCI JSON-RPC Interface. Such manipulation leads to command injection. The attack may be performed from remote.…

  • CVE-2026-11447 · Med · Jun 7, 2026
    risk 0.41 · cvss 6.3 · epss 0.01

    A security flaw has been discovered in GL.iNet GL-MT3000 up to 4.4.5. Impacted is the function iwinfo_backend of the file iwinfo.so of the component MTK Backend. The manipulation of the argument device results in command injection. The attack can be executed remotely. The…

  • CVE-2026-11406 · Med · Jun 6, 2026
    risk 0.41 · cvss 6.3 · epss 0.01

    A vulnerability was determined in GL.iNet MT3000 up to 4.4.5. This vulnerability affects unknown code of the file ovpnclient.sh of the component OpenVPN Client Import Workflow. This manipulation causes command injection. Remote exploitation of the attack is possible. The exploit…

  • CVE-2025-2811 · Med · Apr 26, 2025
    risk 0.37 · cvss 5.7 · epss 0.00

    A vulnerability was found in GL.iNet GL-A1300 Slate Plus, GL-AR300M16 Shadow, GL-AR300M Shadow, GL-AR750 Creta, GL-AR750S-EXT Slate, GL-AX1800 Flint, GL-AXT1800 Slate AX, GL-B1300 Convexa-B, GL-B3000 Marble, GL-BE3600 Slate 7, GL-E750, GL-E750V2 Mudi, GL-MT300N-V2 Mango,…

  • CVE-2026-11505 · Med · Jun 8, 2026
    risk 0.33 · cvss 5.0 · epss 0.00

    A flaw has been found in GL.iNet A1300, AX1800, AXT1800, MT2500, MT3000, MT6000, X3000 and XE3000 4.8.x. This affects an unknown function of the component glnassys. Executing a manipulation can lead to use of hard-coded cryptographic key. The attack may be launched remotely.…

  • CVE-2026-11448 · Med · Jun 7, 2026
    risk 0.31 · cvss 4.7 · epss 0.02

    A weakness has been identified in GL.iNet GL-MT3000 up to 4.4.5. The affected element is the function realpath of the file /rpc of the component Minidlna Service. This manipulation of the argument kube. set causes command injection. The attack is possible to be carried out…

  • CVE-2026-32290 · Med · Mar 17, 2026
    risk 0.31 · cvss 4.7 · epss 0.00

    The GL-iNet Comet (GL-RM1) KVM before version 1.8.2 does not sufficiently verify the authenticity of uploaded firmware files. An attacker-in-the-middle or a compromised update server could modify the firmware and the corresponding MD5 hash to pass verification.

  • CVE-2026-32293 · Low · Mar 17, 2026
    risk 0.24 · cvss 3.7 · epss 0.00

    The GL-iNet Comet (GL-RM1) KVM connects to a GL-iNet site during boot-up to provision client and CA certificates. The GL-RM1 does not verify certificates used for this connection, allowing an attacker-in-the-middle to serve invalid client and CA certificates. The GL-RM1 will…

  • CVE-2025-2850 · Low · Apr 26, 2025
    risk 0.23 · cvss 3.5 · epss 0.00

    A vulnerability was found in GL.iNet GL-A1300 Slate Plus, GL-AR300M16 Shadow, GL-AR300M Shadow, GL-AR750 Creta, GL-AR750S-EXT Slate, GL-AX1800 Flint, GL-AXT1800 Slate AX, GL-B1300 Convexa-B, GL-B3000 Marble, GL-BE3600 Slate 7, GL-E750, GL-E750V2 Mudi, GL-MT300N-V2 Mango,…

  • CVE-2023-50919 · Jan 12, 2024
    risk 0.07 · cvss · epss 0.48

    An issue was discovered on GL.iNet devices before version 4.5.0. There is an NGINX authentication bypass via Lua string pattern matching. This affects A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000 4.4.6, MT2500 4.4.6, MT6000 4.5.0, MT1300 4.3.7, MT300N-V2 4.3.7, AR750S 4.3.7,…

  • CVE-2023-31478 · May 9, 2023
    risk 0.07 · cvss · epss 0.30

    An issue was discovered on GL.iNet devices before 3.216. An API endpoint reveals information about the Wi-Fi configuration, including the SSID and key.

  • CVE-2024-27356 · Feb 27, 2024
    risk 0.05 · cvss · epss 0.24

    An issue was discovered on certain GL-iNet devices. Attackers can download files such as logs via commands, potentially obtaining critical user information. This affects MT6000 4.5.5, XE3000 4.4.4, X3000 4.4.5, MT3000 4.5.0, MT2500 4.5.0, AXT1800 4.5.0, AX1800 4.5.0, A1300…

  • CVE-2024-39225 · Aug 6, 2024
    risk 0.04 · cvss · epss 0.15

    GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain a remote code execution (RCE)…

  • CVE-2019-6273 · Mar 19, 2019
    risk 0.04 · cvss · epss 0.12

    download_file in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to download arbitrary files.

  • CVE-2023-50445 · Dec 28, 2023
    risk 0.03 · cvss · epss 0.09

    Shell Injection vulnerability in GL.iNet A1300 v4.4.6, AX1800 v4.4.6, AXT1800 v4.4.6, MT3000 v4.4.6, MT2500 v4.4.6, MT6000 v4.5.0, MT1300 v4.3.7, MT300N-V2 v4.3.7, AR750S v4.3.7, AR750 v4.3.7, AR300M v4.3.7, and B1300 v4.3.7 allows local attackers to execute arbitrary code via…

  • CVE-2023-46455 · Dec 12, 2023
    risk 0.03 · cvss · epss 0.47

    In GL.iNET GL-AR300M routers with firmware v4.3.7 it is possible to write arbitrary files through a path traversal attack in the OpenVPN client file upload functionality.

  • CVE-2019-6275 · Mar 19, 2019
    risk 0.03 · cvss · epss 0.13

    Command injection vulnerability in firmware_cgi in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to execute arbitrary code.

  • CVE-2019-6274 · Mar 19, 2019
    risk 0.03 · cvss · epss 0.11

    Directory traversal vulnerability in storage_cgi in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to have unspecified impact via directory traversal sequences.

  • CVE-2019-6272 · Mar 19, 2019
    risk 0.03 · cvss · epss 0.13

    Command injection vulnerability in login_cgi in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to execute arbitrary code.

  • CVE-2023-31475 · May 11, 2023
    risk 0.02 · cvss · epss 0.14

    An issue was discovered on GL.iNet devices before 3.216. The function guci2_get() found in libglutil.so has a buffer overflow when an item is requested from a UCI context, and the value is pasted into a char pointer to a buffer without checking the size of the buffer.

  • CVE-2023-31472 · May 9, 2023
    risk 0.02 · cvss · epss 0.20

    An issue was discovered on GL.iNet devices before 3.216. There is an arbitrary file write in which an empty file can be created anywhere on the filesystem. This is caused by a command injection vulnerability with a filter applied.

  • CVE-2024-39226 · Aug 6, 2024
    risk 0.01 · cvss · epss 0.21

    GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain a vulnerability that can be exploited to…

  • CVE-2023-46454 · Dec 12, 2023
    risk 0.01 · cvss · epss 0.23

    In GL.iNET GL-AR300M routers with firmware v4.3.7, it is possible to inject arbitrary shell commands through a crafted package name in the package information functionality.

  • CVE-2023-46456 · Dec 12, 2023
    risk 0.01 · cvss · epss 0.25

    In GL.iNET GL-AR300M routers with firmware 3.216 it is possible to inject arbitrary shell commands through the OpenVPN client file upload functionality.

  • CVE-2023-24261 · Jun 21, 2023
    risk 0.01 · cvss · epss 0.19

    A vulnerability in GL.iNET GL-E750 Mudi before firmware v3.216 allows authenticated attackers to execute arbitrary code via a crafted POST request.

  • CVE-2023-29778 · May 2, 2023
    risk 0.01 · cvss · epss 0.19

    GL.iNET MT3000 4.1.0 Release 2 is vulnerable to OS Command Injection via /usr/lib/oui-httpd/rpc/logread.

  • CVE-2022-31898 · Oct 27, 2022
    risk 0.01 · cvss · epss 0.16

    gl-inet GL-MT300N-V2 Mango v3.212 and GL-AX1800 Flint v3.214 were discovered to contain multiple command injection vulnerabilities via the ping_addr and trace_addr function parameters.

  • CVE-2022-42055 · Oct 27, 2022
    risk 0.01 · cvss · epss 0.02

    Multiple command injection vulnerabilities in GL.iNet GoodCloud IoT Device Management System Version 1.00.220412.00 via the ping and traceroute tools allow attackers to read arbitrary files on the system.

  • CVE-2026-26792 · Mar 12, 2026
    risk 0.00 · cvss · epss 0.03

    GL-iNet GL-AR300M16 v4.3.11 was discovered to contain multiple command injection vulnerabilities in the set_upgrade function via the modem_url, target_version, current_version, firmware_upload, hash_type, hash_value, and upgrade_type parameters. These vulnerabilities allow…

  • CVE-2026-26793 · Mar 12, 2026
    risk 0.00 · cvss · epss 0.02

    GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulnerability via the set_config function. This vulnerability allows attackers to execute arbitrary commands via a crafted input.

  • CVE-2026-26794 · Mar 12, 2026
    risk 0.00 · cvss · epss 0.00

    GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a SQL injection vulnerability via the add_group() function. This vulnerability allows attackers to execute arbitrary SQL database operations via a crafted HTTP request.

  • CVE-2026-26795 · Mar 12, 2026
    risk 0.00 · cvss · epss 0.02

    GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulnerability via the module parameter in the M.get_system_log function. This vulnerability allows attackers to execute arbitrary commands via a crafted input.

  • CVE-2026-26791 · Mar 12, 2026
    risk 0.00 · cvss · epss 0.02

    GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulnerability via the string port parameter in the enable_echo_server function. This vulnerability allows attackers to execute arbitrary commands via a crafted input.

  • CVE-2025-67089 · Jan 8, 2026
    risk 0.00 · cvss · epss 0.01

    A command injection vulnerability exists in the GL-iNet GL-AXT1800 router firmware v4.6.8. The vulnerability is present in the `plugins.install_package` RPC method, which fails to properly sanitize user input in package names. Authenticated attackers can exploit this to execute…

  • CVE-2024-45259 · Oct 24, 2024
    risk 0.00 · cvss · epss 0.00

    An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. By intercepting an HTTP request and changing the filename property in the download interface, any file on the device can be deleted.

  • CVE-2024-45262 · Oct 24, 2024
    risk 0.00 · cvss · epss 0.01

    An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. The params parameter in the call method of the /rpc endpoint is vulnerable to arbitrary directory traversal, which enables attackers to execute scripts under any path.

  • CVE-2024-45260 · Oct 24, 2024
    risk 0.00 · cvss · epss 0.04

    An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. Users who belong to unauthorized groups can invoke any interface of the device, thereby gaining complete control over it.

  • CVE-2024-45261 · Oct 24, 2024
    risk 0.00 · cvss · epss 0.01

    An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. The SID generated for a specific user is not tied to that user itself, which allows other users to potentially use it for authentication. Once an attacker bypasses…

Page 1 of 2