Gl-inet Gl-mt6000 Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Gl-inet Gl-mt6000 Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (5)
CVE-2023-50919 — CVSS 9.8 (critical): An issue was discovered on GL.iNet devices before version 4.5.0. There is an NGINX authentication bypass via Lua string pattern matching…
CVE-2023-50921 — CVSS 9.8 (critical): An issue was discovered on GL.iNet devices through 4.5.0. Attackers can invoke the add_user interface in the system module to gain root…
CVE-2023-50922 — CVSS 7.2 (high): An issue was discovered on GL.iNet devices through 4.5.0. Attackers who are able to steal the AdminToken cookie can execute arbitrary code…
CVE-2023-50920 — CVSS 5.5 (medium): An issue was discovered on GL.iNet devices before version 4.5.0. They assign the same session ID after each user reboot, allowing attackers…