Gl-inet Gl-a1300 Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Gl-inet Gl-a1300 Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (12)
CVE-2023-50921 — CVSS 9.8 (critical): An issue was discovered on GL.iNet devices through 4.5.0. Attackers can invoke the add_user interface in the system module to gain root…
CVE-2023-31471 — CVSS 9.8 (critical): An issue was discovered on GL.iNet devices before 3.216. Through the software installation feature, it is possible to install arbitrary…
CVE-2023-50919 — CVSS 9.8 (critical): An issue was discovered on GL.iNet devices before version 4.5.0. There is an NGINX authentication bypass via Lua string pattern matching…
CVE-2023-31475 — CVSS 9.8 (critical): An issue was discovered on GL.iNet devices before 3.216. The function guci2_get() found in libglutil.so has a buffer overflow when an item…
CVE-2023-31478 — CVSS 7.5 (high): An issue was discovered on GL.iNet devices before 3.216. An API endpoint reveals information about the Wi-Fi configuration, including the…
CVE-2023-31472 — CVSS 7.5 (high): An issue was discovered on GL.iNet devices before 3.216. There is an arbitrary file write in which an empty file can be created anywhere on…
CVE-2023-31474 — CVSS 7.5 (high): An issue was discovered on GL.iNet devices before 3.216. Through the software installation feature, it is possible to inject arbitrary…
CVE-2023-31477 — CVSS 7.5 (high): A path traversal issue was discovered on GL.iNet devices before 3.216. Through the file sharing feature, it is possible to share an…
CVE-2023-50922 — CVSS 7.2 (high): An issue was discovered on GL.iNet devices through 4.5.0. Attackers who are able to steal the AdminToken cookie can execute arbitrary code…
CVE-2023-50920 — CVSS 5.5 (medium): An issue was discovered on GL.iNet devices before version 4.5.0. They assign the same session ID after each user reboot, allowing attackers…
CVE-2023-31473 — CVSS 4.9 (medium): An issue was discovered on GL.iNet devices before 3.216. There is an arbitrary file write in which an empty file can be created anywhere on…