Vulnerabilities > GL Inet
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-26 | CVE-2024-28077 | Unspecified vulnerability in Gl-Inet products A denial-of-service issue was discovered on certain GL-iNet devices. | 7.5 |
| 2024-08-06 | CVE-2024-39227 | Injection vulnerability in Gl-Inet products GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain insecure permissions in the endpoint /cgi-bin/glc. | 9.8 |
| 2024-08-06 | CVE-2024-39229 | Unspecified vulnerability in Gl-Inet products An issue in GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, XE3000/X3000 v4, and B2200/MV1000/MV1000W/USB150/N300/SF1200 v3.216 allows attackers to intercept communications via a man-in-the-middle attack when DDNS clients are reporting data to the server. | 5.3 |
| 2024-08-06 | CVE-2024-39225 | Improper Restriction of Excessive Authentication Attempts vulnerability in Gl-Inet products GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain a remote code execution (RCE) vulnerability. | 9.8 |
| 2024-08-06 | CVE-2024-39226 | Path Traversal vulnerability in Gl-Inet products GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain a vulnerability can be exploited to manipulate routers by passing malicious shell commands through the s2s API. | 9.8 |
| 2024-08-06 | CVE-2024-39228 | OS Command Injection vulnerability in Gl-Inet products GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain a shell injection vulnerability via the interface check_ovpn_client_config and check_config. | 9.8 |
| 2024-01-12 | CVE-2023-50919 | Improper Authentication vulnerability in Gl-Inet products An issue was discovered on GL.iNet devices before version 4.5.0. | 9.8 |
| 2024-01-12 | CVE-2023-50920 | Session Fixation vulnerability in Gl-Inet products An issue was discovered on GL.iNet devices before version 4.5.0. | 5.5 |
| 2024-01-03 | CVE-2023-50921 | Unspecified vulnerability in Gl-Inet products An issue was discovered on GL.iNet devices through 4.5.0. | 9.8 |
| 2024-01-03 | CVE-2023-50922 | Unrestricted Upload of File with Dangerous Type vulnerability in Gl-Inet products An issue was discovered on GL.iNet devices through 4.5.0. | 7.2 |