Vulnerabilities > GL Inet > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-08-06 CVE-2024-39229 Unspecified vulnerability in Gl-Inet products
An issue in GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, XE3000/X3000 v4, and B2200/MV1000/MV1000W/USB150/N300/SF1200 v3.216 allows attackers to intercept communications via a man-in-the-middle attack when DDNS clients are reporting data to the server.
network
high complexity
gl-inet
5.3
2024-01-12 CVE-2023-50920 Session Fixation vulnerability in Gl-Inet products
An issue was discovered on GL.iNet devices before version 4.5.0.
local
low complexity
gl-inet CWE-384
5.5
2023-06-13 CVE-2023-33620 Insufficiently Protected Credentials vulnerability in Gl-Inet Gl-Ar750S Firmware 3.215
GL.iNET GL-AR750S-Ext firmware v3.215 uses an insecure protocol in its communications which allows attackers to eavesdrop via a man-in-the-middle attack.
network
high complexity
gl-inet CWE-522
5.9
2023-06-13 CVE-2023-33621 Authentication Bypass by Capture-replay vulnerability in Gl-Inet Gl-Ar750S Firmware 3.215
GL.iNET GL-AR750S-Ext firmware v3.215 inserts the admin authentication token into a GET request when the OpenVPN Server config file is downloaded.
network
high complexity
gl-inet CWE-294
5.9
2023-05-11 CVE-2023-31473 Command Injection vulnerability in Gl-Inet products
An issue was discovered on GL.iNet devices before 3.216.
network
low complexity
gl-inet CWE-77
4.9
2022-12-01 CVE-2022-44212 Unspecified vulnerability in Gl-Inet Goodcloud
In GL.iNet Goodcloud 1.0, insecure design allows a remote attacker to access devices' admin panel.
network
high complexity
gl-inet
5.9
2022-10-27 CVE-2022-31898 OS Command Injection vulnerability in Gl-Inet Gl-Ax1800 Firmware and Gl-Mt300N-V2 Firmware
GL.iNet GL-MT300N-V2 Mango v3.212 and GL-AX1800 Flint v3.214 were discovered to contain multiple command injection vulnerabilities via the ping_addr and trace_addr function parameters.
low complexity
gl-inet CWE-78
6.8
2022-10-27 CVE-2022-42054 Cross-site Scripting vulnerability in Gl-Inet Goodcloud 1.00.220412.00
Multiple stored cross-site scripting (XSS) vulnerabilities in GL.iNet GoodCloud IoT Device Management System Version 1.00.220412.00 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Company Name and Description text fields.
network
low complexity
gl-inet CWE-79
5.4
2022-10-27 CVE-2022-42055 OS Command Injection vulnerability in Gl-Inet Goodcloud 1.00.220412.00
Multiple command injection vulnerabilities in GL.iNet GoodCloud IoT Device Management System Version 1.00.220412.00 via the ping and traceroute tools allow attackers to read arbitrary files on the system.
network
low complexity
gl-inet CWE-78
6.5
2021-12-07 CVE-2021-44148 Cross-site Scripting vulnerability in Gl-Inet Gl-Ar150 Firmware
GL.iNet GL-AR150 2.x before 3.x devices, configured as repeaters, allow cgi-bin/router_cgi?action=scanwifi XSS when an attacker creates an SSID with an XSS payload as the name.
network
gl-inet CWE-79
4.3