Vulnerabilities > GL Inet > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-08-06 CVE-2024-39227 Injection vulnerability in Gl-Inet products
GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain insecure permissions in the endpoint /cgi-bin/glc.
network
low complexity
gl-inet CWE-74
critical
9.8
2024-08-06 CVE-2024-39225 Improper Restriction of Excessive Authentication Attempts vulnerability in Gl-Inet products
GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain a remote code execution (RCE) vulnerability.
network
low complexity
gl-inet CWE-307
critical
9.8
2024-08-06 CVE-2024-39226 Path Traversal vulnerability in Gl-Inet products
GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain a vulnerability can be exploited to manipulate routers by passing malicious shell commands through the s2s API.
network
low complexity
gl-inet CWE-22
critical
9.8
2024-08-06 CVE-2024-39228 OS Command Injection vulnerability in Gl-Inet products
GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain a shell injection vulnerability via the interface check_ovpn_client_config and check_config.
network
low complexity
gl-inet CWE-78
critical
9.8
2024-01-12 CVE-2023-50919 Improper Authentication vulnerability in Gl-Inet products
An issue was discovered on GL.iNet devices before version 4.5.0.
network
low complexity
gl-inet CWE-287
critical
9.8
2024-01-03 CVE-2023-50921 Unspecified vulnerability in Gl-Inet products
An issue was discovered on GL.iNet devices through 4.5.0.
network
low complexity
gl-inet
critical
9.8
2023-12-12 CVE-2023-46454 OS Command Injection vulnerability in Gl-Inet Gl-Ar300M Firmware 4.3.7
In GL.iNET GL-AR300M routers with firmware v4.3.7, it is possible to inject arbitrary shell commands through a crafted package name in the package information functionality.
network
low complexity
gl-inet CWE-78
critical
9.8
2023-12-12 CVE-2023-46456 Injection vulnerability in Gl-Inet Gl-Ar300M Firmware 3.216
In GL.iNET GL-AR300M routers with firmware 3.216 it is possible to inject arbitrary shell commands through the OpenVPN client file upload functionality.
network
low complexity
gl-inet CWE-74
critical
9.8
2023-11-30 CVE-2023-47463 Improper Preservation of Permissions vulnerability in Gl-Inet Gl-Ax1800 Firmware 4.0.0/4.3.7/4.4.6
Insecure Permissions vulnerability in GL.iNet AX1800 version 4.0.0 before 4.5.0 allows a remote attacker to execute arbitrary code via a crafted script to the gl_nas_sys authentication function.
network
low complexity
gl-inet CWE-281
critical
9.8
2023-11-29 CVE-2023-47462 Incorrect Default Permissions vulnerability in Gl-Inet Gl-Ax1800 Firmware 3.125
Insecure Permissions vulnerability in GL.iNet AX1800 v.3.215 and before allows a remote attacker to execute arbitrary code via the file sharing function.
network
low complexity
gl-inet CWE-276
critical
9.8