Vulnerabilities > GL Inet
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-05-09 | CVE-2023-31474 | Unspecified vulnerability in Gl-Inet products An issue was discovered on GL.iNet devices before 3.216. | 7.5 |
| 2023-05-09 | CVE-2023-31476 | Command Injection vulnerability in Gl-Inet Gl-Mv1000 Firmware and Gl-Mv1000W Firmware An issue was discovered on GL.iNet devices running firmware before 3.216. | 7.5 |
| 2023-05-02 | CVE-2023-29778 | OS Command Injection vulnerability in Gl-Inet Gl-Mt3000 Firmware 4.1.0 GL.iNET MT3000 4.1.0 Release 2 is vulnerable to OS Command Injection via /usr/lib/oui-httpd/rpc/logread. | 9.8 |
| 2022-12-01 | CVE-2022-44211 | Unspecified vulnerability in Gl-Inet Goodcloud In GL.iNet Goodcloud 1.1 Incorrect access control allows a remote attacker to access/change devices' settings. | 7.4 |
| 2022-12-01 | CVE-2022-44212 | Unspecified vulnerability in Gl-Inet Goodcloud In GL.iNet Goodcloud 1.0, insecure design allows remote attacker to access devices' admin panel. | 5.9 |
| 2022-10-27 | CVE-2022-31898 | OS Command Injection vulnerability in Gl-Inet Gl-Ax1800 Firmware and Gl-Mt300N-V2 Firmware gl-inet GL-MT300N-V2 Mango v3.212 and GL-AX1800 Flint v3.214 were discovered to contain multiple command injection vulnerabilities via the ping_addr and trace_addr function parameters. | 6.8 |
| 2022-10-27 | CVE-2022-42054 | Cross-site Scripting vulnerability in Gl-Inet Goodcloud 1.00.220412.00 Multiple stored cross-site scripting (XSS) vulnerabilities in GL.iNet GoodCloud IoT Device Management System Version 1.00.220412.00 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Company Name and Description text fields. | 5.4 |
| 2022-10-27 | CVE-2022-42055 | OS Command Injection vulnerability in Gl-Inet Goodcloud 1.00.220412.00 Multiple command injection vulnerabilities in GL.iNet GoodCloud IoT Device Management System Version 1.00.220412.00 via the ping and traceroute tools allow attackers to read arbitrary files on the system. | 6.5 |
| 2021-12-07 | CVE-2021-44148 | Cross-site Scripting vulnerability in Gl-Inet Gl-Ar150 Firmware GL.iNet GL-AR150 2.x before 3.x devices, configured as repeaters, allow cgi-bin/router_cgi?action=scanwifi XSS when an attacker creates an SSID with an XSS payload as the name. | 4.3 |
| 2019-03-21 | CVE-2019-6275 | Command Injection vulnerability in Gl-Inet Gl-Ar300M-Lite Firmware 2.27 Command injection vulnerability in firmware_cgi in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to execute arbitrary code. | 6.5 |