Vulnerabilities > GL Inet
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-01 | CVE-2022-44212 | Unspecified vulnerability in Gl-Inet Goodcloud In GL.iNet Goodcloud 1.0, insecure design allows remote attacker to access devices' admin panel. | 5.9 |
| 2022-10-27 | CVE-2022-31898 | OS Command Injection vulnerability in Gl-Inet Gl-Ax1800 Firmware and Gl-Mt300N-V2 Firmware gl-inet GL-MT300N-V2 Mango v3.212 and GL-AX1800 Flint v3.214 were discovered to contain multiple command injection vulnerabilities via the ping_addr and trace_addr function parameters. | 6.8 |
| 2022-10-27 | CVE-2022-42054 | Cross-site Scripting vulnerability in Gl-Inet Goodcloud 1.00.220412.00 Multiple stored cross-site scripting (XSS) vulnerabilities in GL.iNet GoodCloud IoT Device Management System Version 1.00.220412.00 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Company Name and Description text fields. | 5.4 |
| 2022-10-27 | CVE-2022-42055 | OS Command Injection vulnerability in Gl-Inet Goodcloud 1.00.220412.00 Multiple command injection vulnerabilities in GL.iNet GoodCloud IoT Device Management System Version 1.00.220412.00 via the ping and traceroute tools allow attackers to read arbitrary files on the system. | 6.5 |
| 2021-12-07 | CVE-2021-44148 | Cross-site Scripting vulnerability in Gl-Inet Gl-Ar150 Firmware GL.iNet GL-AR150 2.x before 3.x devices, configured as repeaters, allow cgi-bin/router_cgi?action=scanwifi XSS when an attacker creates an SSID with an XSS payload as the name. | 6.1 |
| 2019-03-21 | CVE-2019-6275 | Command Injection vulnerability in Gl-Inet Gl-Ar300M-Lite Firmware 2.27 Command injection vulnerability in firmware_cgi in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to execute arbitrary code. | 8.8 |
| 2019-03-21 | CVE-2019-6274 | Path Traversal vulnerability in Gl-Inet Gl-Ar300M-Lite Firmware 2.27 Directory traversal vulnerability in storage_cgi in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to have unspecified impact via directory traversal sequences. | 8.8 |
| 2019-03-21 | CVE-2019-6273 | Path Traversal vulnerability in Gl-Inet Gl-Ar300M-Lite Firmware 2.27 download_file in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to download arbitrary files. | 6.5 |
| 2019-03-21 | CVE-2019-6272 | Command Injection vulnerability in Gl-Inet Gl-Ar300M-Lite Firmware 2.27 Command injection vulnerability in login_cgi in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to execute arbitrary code. | 8.8 |