Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Gl-inet Subscribe
Filtered by product Gl-ax1800

CVSS v3 Filter

ALL
NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 6 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-50921 1 Gl-inet 24 Gl-a1300, Gl-a1300 Firmware, Gl-ar300m and 21 more 2024-01-10 N/A 9.8 CRITICAL
An issue was discovered on GL.iNet devices through 4.5.0. Attackers can invoke the add_user interface in the system module to gain root privileges. This affects A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000 4.4.6, MT2500 4.4.6, MT6000 4.5.0, MT1300 4.3.7, MT300N-V2 4.3.7, AR750S 4.3.7, AR750 4.3.7, AR300M 4.3.7, and B1300 4.3.7.
CVE-2023-50922 1 Gl-inet 24 Gl-a1300, Gl-a1300 Firmware, Gl-ar300m and 21 more 2024-01-10 N/A 7.2 HIGH
An issue was discovered on GL.iNet devices through 4.5.0. Attackers who are able to steal the AdminToken cookie can execute arbitrary code by uploading a crontab-formatted file to a specific directory and waiting for its execution. This affects A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000 4.4.6, MT2500 4.4.6, MT6000 4.5.0, MT1300 4.3.7, MT300N-V2 4.3.7, AR750S 4.3.7, AR750 4.3.7, AR300M 4.3.7, and B1300 4.3.7.
CVE-2023-50445 1 Gl-inet 24 Gl-a1300, Gl-a1300 Firmware, Gl-ar300m and 21 more 2024-01-05 N/A 7.8 HIGH
Shell Injection vulnerability GL.iNet A1300 v4.4.6, AX1800 v4.4.6, AXT1800 v4.4.6, MT3000 v4.4.6, MT2500 v4.4.6, MT6000 v4.5.0, MT1300 v4.3.7, MT300N-V2 v4.3.7, AR750S v4.3.7, AR750 v4.3.7, AR300M v4.3.7, and B1300 v4.3.7., allows local attackers to execute arbitrary code via the get_system_log and get_crash_log functions of the logread module, as well as the upgrade_online function of the upgrade module.
CVE-2023-47463 1 Gl-inet 2 Gl-ax1800, Gl-ax1800 Firmware 2023-12-05 N/A 9.8 CRITICAL
Insecure Permissions vulnerability in GL.iNet AX1800 version 4.0.0 before 4.5.0 allows a remote attacker to execute arbitrary code via a crafted script to the gl_nas_sys authentication function.
CVE-2023-47464 1 Gl-inet 2 Gl-ax1800, Gl-ax1800 Firmware 2023-12-05 N/A 8.8 HIGH
Insecure Permissions vulnerability in GL.iNet AX1800 version 4.0.0 before 4.5.0 allows a remote attacker to execute arbitrary code via the upload API function.
CVE-2023-47462 1 Gl-inet 2 Gl-ax1800, Gl-ax1800 Firmware 2023-12-05 N/A 9.8 CRITICAL
Insecure Permissions vulnerability in GL.iNet AX1800 v.3.215 and before allows a remote attacker to execute arbitrary code via the file sharing function.