Vulnerabilities > GL Inet > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-06 | CVE-2024-39229 | Unspecified vulnerability in Gl-Inet products An issue in GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, XE3000/X3000 v4, and B2200/MV1000/MV1000W/USB150/N300/SF1200 v3.216 allows attackers to intercept communications via a man-in-the-middle attack when DDNS clients are reporting data to the server. | 5.3 |
| 2024-01-12 | CVE-2023-50920 | Session Fixation vulnerability in Gl-Inet products An issue was discovered on GL.iNet devices before version 4.5.0. | 5.5 |
| 2023-06-13 | CVE-2023-33620 | Insufficiently Protected Credentials vulnerability in Gl-Inet Gl-Ar750S Firmware 3.215 GL.iNET GL-AR750S-Ext firmware v3.215 uses an insecure protocol in its communications which allows attackers to eavesdrop via a man-in-the-middle attack. | 5.9 |
| 2023-06-13 | CVE-2023-33621 | Authentication Bypass by Capture-replay vulnerability in Gl-Inet Gl-Ar750S Firmware 3.215 GL.iNET GL-AR750S-Ext firmware v3.215 inserts the admin authentication token into a GET request when the OpenVPN Server config file is downloaded. | 5.9 |
| 2023-05-11 | CVE-2023-31473 | Command Injection vulnerability in Gl-Inet products An issue was discovered on GL.iNet devices before 3.216. | 4.9 |
| 2022-12-01 | CVE-2022-44212 | Unspecified vulnerability in Gl-Inet Goodcloud In GL.iNet Goodcloud 1.0, insecure design allows remote attacker to access devices' admin panel. | 5.9 |
| 2022-10-27 | CVE-2022-31898 | OS Command Injection vulnerability in Gl-Inet Gl-Ax1800 Firmware and Gl-Mt300N-V2 Firmware gl-inet GL-MT300N-V2 Mango v3.212 and GL-AX1800 Flint v3.214 were discovered to contain multiple command injection vulnerabilities via the ping_addr and trace_addr function parameters. | 6.8 |
| 2022-10-27 | CVE-2022-42054 | Cross-site Scripting vulnerability in Gl-Inet Goodcloud 1.00.220412.00 Multiple stored cross-site scripting (XSS) vulnerabilities in GL.iNet GoodCloud IoT Device Management System Version 1.00.220412.00 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Company Name and Description text fields. | 5.4 |
| 2022-10-27 | CVE-2022-42055 | OS Command Injection vulnerability in Gl-Inet Goodcloud 1.00.220412.00 Multiple command injection vulnerabilities in GL.iNet GoodCloud IoT Device Management System Version 1.00.220412.00 via the ping and traceroute tools allow attackers to read arbitrary files on the system. | 6.5 |
| 2021-12-07 | CVE-2021-44148 | Cross-site Scripting vulnerability in Gl-Inet Gl-Ar150 Firmware GL.iNet GL-AR150 2.x before 3.x devices, configured as repeaters, allow cgi-bin/router_cgi?action=scanwifi XSS when an attacker creates an SSID with an XSS payload as the name. | 4.3 |