CVE-2023-31477
- EPSS 0.31%
- Veröffentlicht 11.05.2023 02:15:09
- Zuletzt bearbeitet 27.01.2025 18:15:34
A path traversal issue was discovered on GL.iNet devices before 3.216. Through the file sharing feature, it is possible to share an arbitrary directory, such as /tmp or /etc, because there is no server-side restriction to limit sharing to the USB pat...
CVE-2023-31471
- EPSS 0.62%
- Veröffentlicht 10.05.2023 15:15:10
- Zuletzt bearbeitet 27.01.2025 20:15:31
An issue was discovered on GL.iNet devices before 3.216. Through the software installation feature, it is possible to install arbitrary software, such as a reverse shell, because the restrictions on the available package list are limited to client-si...
CVE-2023-31478
- EPSS 82.64%
- Veröffentlicht 09.05.2023 23:15:09
- Zuletzt bearbeitet 29.01.2025 21:15:20
An issue was discovered on GL.iNet devices before 3.216. An API endpoint reveals information about the Wi-Fi configuration, including the SSID and key.
CVE-2023-31472
- EPSS 26.69%
- Veröffentlicht 09.05.2023 18:15:14
- Zuletzt bearbeitet 29.01.2025 21:15:19
An issue was discovered on GL.iNet devices before 3.216. There is an arbitrary file write in which an empty file can be created anywhere on the filesystem. This is caused by a command injection vulnerability with a filter applied.
CVE-2023-31474
- EPSS 0.28%
- Veröffentlicht 09.05.2023 18:15:14
- Zuletzt bearbeitet 29.01.2025 21:15:19
An issue was discovered on GL.iNet devices before 3.216. Through the software installation feature, it is possible to inject arbitrary parameters in a request to cause opkg to obtain a list of files in a specific directory, by using the regex feature...
CVE-2022-31898
- EPSS 22.36%
- Veröffentlicht 27.10.2022 18:15:10
- Zuletzt bearbeitet 07.05.2025 19:16:05
gl-inet GL-MT300N-V2 Mango v3.212 and GL-AX1800 Flint v3.214 were discovered to contain multiple command injection vulnerabilities via the ping_addr and trace_addr function parameters.