5.1

CVE-2025-67090

Medienbericht

Exploit

EPSS 0.16%
Veröffentlicht 08.01.2026 00:00:00
Zuletzt bearbeitet 16.01.2026 21:28:08
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

The LuCI web interface on Gl Inet GL.Inet AX1800 Version 4.6.4 & 4.6.8 are vulnerable. Fix available in version 4.8.2 GL.Inet AX1800 Version 4.6.4 & 4.6.8 lacks rate limiting or account lockout mechanisms on the authentication endpoint (`/cgi-bin/luci`). An unauthenticated attacker on the local network can perform unlimited password attempts against the admin interface.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Gl-inet ≫ Ax1800 Firmware Version4.2.0

Gl-inet ≫ Ax1800 Version-

Gl-inet ≫ Ax1800 Firmware Version4.6.4

Gl-inet ≫ Ax1800 Version-

Gl-inet ≫ Ax1800 Firmware Version4.6.8

Gl-inet ≫ Ax1800 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.16%	0.373

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	5.1	2.5	2.5	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

CWE-307 Improper Restriction of Excessive Authentication Attempts

The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame.

https://aleksazatezalo.medium.com/critical-command-injection-vulnerability-in-gl-inet-gl-axt1800-router-firmware-e6d67d81ee51?postPublishedType=repub

Third Party Advisory

Exploit

Press/Media Coverage

https://www.gl-inet.com/security/

Broken Link

https://aleksazatezalo.medium.com/critical-command-injection-vulnerability-in-gl-inet-gl-axt1800-router-firmware-e6d67d81ee51

Third Party Advisory

Exploit

Press/Media Coverage

https://nvd.nist.gov/vuln/detail/CVE-2025-67090

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-67090

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-67090

EUVD