Gl-inet Gl-ax1800 Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Gl-inet Gl-ax1800 Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (16)
CVE-2023-50921 — CVSS 9.8 (critical): An issue was discovered on GL.iNet devices through 4.5.0. Attackers can invoke the add_user interface in the system module to gain root…
CVE-2023-31471 — CVSS 9.8 (critical): An issue was discovered on GL.iNet devices before 3.216. Through the software installation feature, it is possible to install arbitrary…
CVE-2023-50919 — CVSS 9.8 (critical): An issue was discovered on GL.iNet devices before version 4.5.0. There is an NGINX authentication bypass via Lua string pattern matching…
CVE-2023-47462 — CVSS 9.8 (critical): Insecure Permissions vulnerability in GL.iNet AX1800 v.3.215 and before allows a remote attacker to execute arbitrary code via the file…
CVE-2023-47463 — CVSS 9.8 (critical): Insecure Permissions vulnerability in GL.iNet AX1800 version 4.0.0 before 4.5.0 allows a remote attacker to execute arbitrary code via a…
CVE-2023-31475 — CVSS 9.8 (critical): An issue was discovered on GL.iNet devices before 3.216. The function guci2_get() found in libglutil.so has a buffer overflow when an item…
CVE-2023-47464 — CVSS 8.8 (high): Insecure Permissions vulnerability in GL.iNet AX1800 version 4.0.0 before 4.5.0 allows a remote attacker to execute arbitrary code via the…
CVE-2023-31478 — CVSS 7.5 (high): An issue was discovered on GL.iNet devices before 3.216. An API endpoint reveals information about the Wi-Fi configuration, including the…
CVE-2023-31477 — CVSS 7.5 (high): A path traversal issue was discovered on GL.iNet devices before 3.216. Through the file sharing feature, it is possible to share an…
CVE-2023-31474 — CVSS 7.5 (high): An issue was discovered on GL.iNet devices before 3.216. Through the software installation feature, it is possible to inject arbitrary…
CVE-2023-31472 — CVSS 7.5 (high): An issue was discovered on GL.iNet devices before 3.216. There is an arbitrary file write in which an empty file can be created anywhere on…
CVE-2023-50922 — CVSS 7.2 (high): An issue was discovered on GL.iNet devices through 4.5.0. Attackers who are able to steal the AdminToken cookie can execute arbitrary code…
CVE-2022-31898 — CVSS 6.8 (medium): gl-inet GL-MT300N-V2 Mango v3.212 and GL-AX1800 Flint v3.214 were discovered to contain multiple command injection vulnerabilities via the…
CVE-2023-50920 — CVSS 5.5 (medium): An issue was discovered on GL.iNet devices before version 4.5.0. They assign the same session ID after each user reboot, allowing attackers…
CVE-2023-31473 — CVSS 4.9 (medium): An issue was discovered on GL.iNet devices before 3.216. There is an arbitrary file write in which an empty file can be created anywhere on…