Vulnerabilities > GL Inet > GL Ar750S Firmware > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-01-12 CVE-2023-50920 Session Fixation vulnerability in Gl-Inet products
An issue was discovered on GL.iNet devices before version 4.5.0.
local
low complexity
gl-inet CWE-384
5.5
2023-06-13 CVE-2023-33620 Insufficiently Protected Credentials vulnerability in Gl-Inet Gl-Ar750S Firmware 3.215
GL.iNET GL-AR750S-Ext firmware v3.215 uses an insecure protocol in its communications which allows attackers to eavesdrop via a man-in-the-middle attack.
network
high complexity
gl-inet CWE-522
5.9
2023-06-13 CVE-2023-33621 Authentication Bypass by Capture-replay vulnerability in Gl-Inet Gl-Ar750S Firmware 3.215
GL.iNET GL-AR750S-Ext firmware v3.215 inserts the admin authentication token into a GET request when the OpenVPN Server config file is downloaded.
network
high complexity
gl-inet CWE-294
5.9
2023-05-11 CVE-2023-31473 Command Injection vulnerability in Gl-Inet products
An issue was discovered on GL.iNet devices before 3.216.
network
low complexity
gl-inet CWE-77
4.9