cbcvebase.

Gl-Inet Gl-Mt3000 Firmware vulnerabilities

13 known vulnerabilities affecting gl-inet/gl-mt3000_firmware.

Total CVEs
13
CISA KEV
0
Public exploits
3
Exploited in wild
3
Severity breakdown
CRITICAL5HIGH6MEDIUM2

Vulnerabilities

Page 1 of 1
CVE-2023-50919P1CRITICALCVSS 9.8ExploitedPoCv4.3.7v4.4.62024-01-12
CVE-2023-50919 [CRITICAL] CWE-287 CVE-2023-50919: An issue was discovered on GL.iNet devices before version 4.5.0. There is an NGINX authentication by An issue was discovered on GL.iNet devices before version 4.5.0. There is an NGINX authentication bypass via Lua string pattern matching. This affects A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000 4.4.6, MT2500 4.4.6, MT6000 4.5.0, MT1300 4.3.7, MT300N-V2 4.3.7, AR750S 4.3.7, AR750 4.3.7, AR300M 4.3.7, and B1300 4.3.7.
nvd
CVE-2023-31478P1HIGHCVSS 7.5ExploitedPoCfixed in 3.2162023-05-09
CVE-2023-31478 [HIGH] CVE-2023-31478: An issue was discovered on GL.iNet devices before 3.216. An API endpoint reveals information about t An issue was discovered on GL.iNet devices before 3.216. An API endpoint reveals information about the Wi-Fi configuration, including the SSID and key.
nvd
CVE-2023-50445P2HIGHCVSS 7.8ExploitedPoCv4.4.62023-12-28
CVE-2023-50445 [HIGH] CWE-78 CVE-2023-50445: Shell Injection vulnerability GL.iNet A1300 v4.4.6, AX1800 v4.4.6, AXT1800 v4.4.6, MT3000 v4.4.6, MT Shell Injection vulnerability GL.iNet A1300 v4.4.6, AX1800 v4.4.6, AXT1800 v4.4.6, MT3000 v4.4.6, MT2500 v4.4.6, MT6000 v4.5.0, MT1300 v4.3.7, MT300N-V2 v4.3.7, AR750S v4.3.7, AR750 v4.3.7, AR300M v4.3.7, and B1300 v4.3.7., allows local attackers to execute arbitrary code via the get_system_log and get_crash_log functions of the logread module, as well
nvd
CVE-2023-29778P2CRITICALCVSS 9.8v4.1.02023-05-02
CVE-2023-29778 [CRITICAL] CWE-78 CVE-2023-29778: GL.iNET MT3000 4.1.0 Release 2 is vulnerable to OS Command Injection via /usr/lib/oui-httpd/rpc/logr GL.iNET MT3000 4.1.0 Release 2 is vulnerable to OS Command Injection via /usr/lib/oui-httpd/rpc/logread.
nvd
CVE-2023-31472P3HIGHCVSS 7.5fixed in 3.2162023-05-09
CVE-2023-31472 [HIGH] CWE-770 CVE-2023-31472: An issue was discovered on GL.iNet devices before 3.216. There is an arbitrary file write in which a An issue was discovered on GL.iNet devices before 3.216. There is an arbitrary file write in which an empty file can be created anywhere on the filesystem. This is caused by a command injection vulnerability with a filter applied.
nvd
CVE-2023-31475P3CRITICALCVSS 9.8fixed in 3.2162023-05-11
CVE-2023-31475 [CRITICAL] CWE-120 CVE-2023-31475: An issue was discovered on GL.iNet devices before 3.216. The function guci2_get() found in libglutil An issue was discovered on GL.iNet devices before 3.216. The function guci2_get() found in libglutil.so has a buffer overflow when an item is requested from a UCI context, and the value is pasted into a char pointer to a buffer without checking the size of the buffer.
nvd
CVE-2023-50921P3CRITICALCVSS 9.8v4.4.62024-01-03
CVE-2023-50921 [CRITICAL] CWE-269 CVE-2023-50921: An issue was discovered on GL.iNet devices through 4.5.0. Attackers can invoke the add_user interfac An issue was discovered on GL.iNet devices through 4.5.0. Attackers can invoke the add_user interface in the system module to gain root privileges. This affects A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000 4.4.6, MT2500 4.4.6, MT6000 4.5.0, MT1300 4.3.7, MT300N-V2 4.3.7, AR750S 4.3.7, AR750 4.3.7, AR300M 4.3.7, and B1300 4.3.7.
nvd
CVE-2023-31471P3CRITICALCVSS 9.8fixed in 3.2162023-05-10
CVE-2023-31471 [CRITICAL] CVE-2023-31471: An issue was discovered on GL.iNet devices before 3.216. Through the software installation feature, An issue was discovered on GL.iNet devices before 3.216. Through the software installation feature, it is possible to install arbitrary software, such as a reverse shell, because the restrictions on the available package list are limited to client-side verification. It is possible to install software from the filesystem, the package list, or a URL.
nvd
CVE-2023-31477P3HIGHCVSS 7.5fixed in 3.2162023-05-11
CVE-2023-31477 [HIGH] CWE-22 CVE-2023-31477: A path traversal issue was discovered on GL.iNet devices before 3.216. Through the file sharing feat A path traversal issue was discovered on GL.iNet devices before 3.216. Through the file sharing feature, it is possible to share an arbitrary directory, such as /tmp or /etc, because there is no server-side restriction to limit sharing to the USB path.
nvd
CVE-2023-50922P3HIGHCVSS 7.2v4.4.62024-01-03
CVE-2023-50922 [HIGH] CWE-434 CVE-2023-50922: An issue was discovered on GL.iNet devices through 4.5.0. Attackers who are able to steal the AdminT An issue was discovered on GL.iNet devices through 4.5.0. Attackers who are able to steal the AdminToken cookie can execute arbitrary code by uploading a crontab-formatted file to a specific directory and waiting for its execution. This affects A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000 4.4.6, MT2500 4.4.6, MT6000 4.5.0, MT1300 4.3.7, MT300N-V2
nvd
CVE-2023-31474P3HIGHCVSS 7.5fixed in 3.2162023-05-09
CVE-2023-31474 [HIGH] CVE-2023-31474: An issue was discovered on GL.iNet devices before 3.216. Through the software installation feature, An issue was discovered on GL.iNet devices before 3.216. Through the software installation feature, it is possible to inject arbitrary parameters in a request to cause opkg to obtain a list of files in a specific directory, by using the regex feature in a package name.
nvd
CVE-2023-31473P4MEDIUMCVSS 4.9fixed in 3.2162023-05-11
CVE-2023-31473 [MEDIUM] CWE-77 CVE-2023-31473: An issue was discovered on GL.iNet devices before 3.216. There is an arbitrary file write in which a An issue was discovered on GL.iNet devices before 3.216. There is an arbitrary file write in which an empty file can be created anywhere on the filesystem. This is caused by a command injection vulnerability with a filter applied. Through the software installation feature, it is possible to inject arbitrary parameters in a request to cause opkg to re
nvd
CVE-2023-50920P4MEDIUMCVSS 5.5v4.3.7v4.4.62024-01-12
CVE-2023-50920 [MEDIUM] CWE-384 CVE-2023-50920: An issue was discovered on GL.iNet devices before version 4.5.0. They assign the same session ID aft An issue was discovered on GL.iNet devices before version 4.5.0. They assign the same session ID after each user reboot, allowing attackers to share session identifiers between different sessions and bypass authentication or access control measures. Attackers can impersonate legitimate users or perform unauthorized actions. This affects A1300 4.4.6,
nvd
Gl-Inet Gl-Mt3000 Firmware vulnerabilities | cvebase