Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
12 vulnerabilities by gl.inet
CVE-2026-11505 (GCVE-0-2026-11505)
Vulnerability from cvelistv5 – Published: 2026-06-08 10:15 – Updated: 2026-06-08 13:25
VLAI
Title
GL.iNet XE3000 glnassys hard-coded key
Summary
A flaw has been found in GL.iNet A1300, AX1800, AXT1800, MT2500, MT3000, MT6000, X3000 and XE3000 4.8.x. This affects an unknown function of the component glnassys. Executing a manipulation can lead to use of hard-coded cryptographic key
. The attack may be launched remotely. The attack requires a high level of complexity. The exploitability is reported as difficult. Upgrading to version 4.9.0 mitigates this issue. Upgrading the affected component is advised.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/369125 | vdb-entry |
| https://vuldb.com/vuln/369125/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-11505 | third-party-advisory |
| https://vuldb.com/submit/835698 | third-party-advisory |
| https://github.com/gl-inet/CVE-issues/blob/main/4… | related |
| https://cloud-static-test.gl-inet.cn/security/ope… | patch |
Impacted products
8 products
| Vendor | Product | Version | |
|---|---|---|---|
| GL.iNet | A1300 |
Affected:
4.8.*
Unaffected: 4.9.0 cpe:2.3:a:gl.inet:a1300:*:*:*:*:*:*:*:* |
|
| GL.iNet | AX1800 |
Affected:
4.8.*
Unaffected: 4.9.0 cpe:2.3:a:gl.inet:ax1800:*:*:*:*:*:*:*:* |
|
| GL.iNet | AXT1800 |
Affected:
4.8.*
Unaffected: 4.9.0 cpe:2.3:a:gl.inet:axt1800:*:*:*:*:*:*:*:* |
|
| GL.iNet | MT2500 |
Affected:
4.8.*
Unaffected: 4.9.0 cpe:2.3:a:gl.inet:mt2500:*:*:*:*:*:*:*:* |
|
| GL.iNet | MT3000 |
Affected:
4.8.*
Unaffected: 4.9.0 cpe:2.3:a:gl.inet:mt3000:*:*:*:*:*:*:*:* |
|
| GL.iNet | MT6000 |
Affected:
4.8.*
Unaffected: 4.9.0 cpe:2.3:a:gl.inet:mt6000:*:*:*:*:*:*:*:* |
|
| GL.iNet | X3000 |
Affected:
4.8.*
Unaffected: 4.9.0 cpe:2.3:a:gl.inet:x3000:*:*:*:*:*:*:*:* |
|
| GL.iNet | XE3000 |
Affected:
4.8.*
Unaffected: 4.9.0 cpe:2.3:a:gl.inet:xe3000:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-11505",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-08T13:25:39.138620Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-08T13:25:49.443Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:gl.inet:a1300:*:*:*:*:*:*:*:*"
],
"modules": [
"glnassys"
],
"product": "A1300",
"vendor": "GL.iNet",
"versions": [
{
"status": "affected",
"version": "4.8.*"
},
{
"status": "unaffected",
"version": "4.9.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:gl.inet:ax1800:*:*:*:*:*:*:*:*"
],
"modules": [
"glnassys"
],
"product": "AX1800",
"vendor": "GL.iNet",
"versions": [
{
"status": "affected",
"version": "4.8.*"
},
{
"status": "unaffected",
"version": "4.9.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:gl.inet:axt1800:*:*:*:*:*:*:*:*"
],
"modules": [
"glnassys"
],
"product": "AXT1800",
"vendor": "GL.iNet",
"versions": [
{
"status": "affected",
"version": "4.8.*"
},
{
"status": "unaffected",
"version": "4.9.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:gl.inet:mt2500:*:*:*:*:*:*:*:*"
],
"modules": [
"glnassys"
],
"product": "MT2500",
"vendor": "GL.iNet",
"versions": [
{
"status": "affected",
"version": "4.8.*"
},
{
"status": "unaffected",
"version": "4.9.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:gl.inet:mt3000:*:*:*:*:*:*:*:*"
],
"modules": [
"glnassys"
],
"product": "MT3000",
"vendor": "GL.iNet",
"versions": [
{
"status": "affected",
"version": "4.8.*"
},
{
"status": "unaffected",
"version": "4.9.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:gl.inet:mt6000:*:*:*:*:*:*:*:*"
],
"modules": [
"glnassys"
],
"product": "MT6000",
"vendor": "GL.iNet",
"versions": [
{
"status": "affected",
"version": "4.8.*"
},
{
"status": "unaffected",
"version": "4.9.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:gl.inet:x3000:*:*:*:*:*:*:*:*"
],
"modules": [
"glnassys"
],
"product": "X3000",
"vendor": "GL.iNet",
"versions": [
{
"status": "affected",
"version": "4.8.*"
},
{
"status": "unaffected",
"version": "4.9.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:gl.inet:xe3000:*:*:*:*:*:*:*:*"
],
"modules": [
"glnassys"
],
"product": "XE3000",
"vendor": "GL.iNet",
"versions": [
{
"status": "affected",
"version": "4.8.*"
},
{
"status": "unaffected",
"version": "4.9.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "GLiNet (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw has been found in GL.iNet A1300, AX1800, AXT1800, MT2500, MT3000, MT6000, X3000 and XE3000 4.8.x. This affects an unknown function of the component glnassys. Executing a manipulation can lead to use of hard-coded cryptographic key\r . The attack may be launched remotely. The attack requires a high level of complexity. The exploitability is reported as difficult. Upgrading to version 4.9.0 mitigates this issue. Upgrading the affected component is advised."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 2.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4.6,
"vectorString": "AV:N/AC:H/Au:S/C:P/I:P/A:P/E:ND/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-321",
"description": "Use of Hard-coded Cryptographic Key",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-320",
"description": "Key Management Error",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-08T10:15:09.229Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-369125 | GL.iNet XE3000 glnassys hard-coded key",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/vuln/369125"
},
{
"name": "VDB-369125 | CTI Indicators (IOB, IOC, TTP)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/369125/cti"
},
{
"name": "CVE-2026-11505 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-11505"
},
{
"name": "Submit #835698 | GL.iNet Router 4.8.x unauthorized",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/835698"
},
{
"tags": [
"related"
],
"url": "https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/The%20hard%20coded%20default%20authentication%20token%20in%20gl%20nas%20sys%20poses%20a%20risk%20to%20unauthorized%20command%20execution.md"
},
{
"tags": [
"patch"
],
"url": "https://cloud-static-test.gl-inet.cn/security/openwrt-ipq60xx-glinet_ax1800-squashfs-sysupgrade.tar"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-06-07T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-06-07T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-06-07T16:11:08.000Z",
"value": "VulDB entry last update"
}
],
"title": "GL.iNet XE3000 glnassys hard-coded key"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-11505",
"datePublished": "2026-06-08T10:15:09.229Z",
"dateReserved": "2026-06-07T14:06:05.114Z",
"dateUpdated": "2026-06-08T13:25:49.443Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-11452 (GCVE-0-2026-11452)
Vulnerability from cvelistv5 – Published: 2026-06-07 03:15 – Updated: 2026-06-08 16:33
VLAI
Title
GL.iNet GL-MT3000 SET_USER_PWD glc FUN_0042e200 command injection
Summary
A vulnerability has been found in GL.iNet GL-MT3000 up to 4.4.5. Affected is the function FUN_0042e200 of the file /cgi-bin/glc of the component SET_USER_PWD Handler. The manipulation of the argument Password leads to command injection. The attack can be initiated remotely. Upgrading to version 4.8.1 is able to address this issue. The affected component should be upgraded. The vendor explains: " The current code escapes single quotes in the password parameter and handles it inside a shell single‑quote context. The payloads in the report, which rely on $() or backticks to trigger command substitution, are not executed under the current code path. We tested on a GL‑MT3000 device running firmware 4.8.1 using similar payloads, and no command‑execution marker file was created."
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/369072 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/369072/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-11452 | third-party-advisory |
| https://vuldb.com/submit/826378 | third-party-advisory |
| https://github.com/StrTzz123/iot_vul/blob/main/GL… | related |
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-11452",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-08T14:15:52.010323Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-08T16:33:31.174Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:o:gl-inet:gl-mt3000_firmware:*:*:*:*:*:*:*:*"
],
"modules": [
"SET_USER_PWD Handler"
],
"product": "GL-MT3000",
"vendor": "GL.iNet",
"versions": [
{
"status": "affected",
"version": "4.4.0"
},
{
"status": "affected",
"version": "4.4.1"
},
{
"status": "affected",
"version": "4.4.2"
},
{
"status": "affected",
"version": "4.4.3"
},
{
"status": "affected",
"version": "4.4.4"
},
{
"status": "affected",
"version": "4.4.5"
},
{
"status": "unaffected",
"version": "4.8.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "strforexc (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in GL.iNet GL-MT3000 up to 4.4.5. Affected is the function FUN_0042e200 of the file /cgi-bin/glc of the component SET_USER_PWD Handler. The manipulation of the argument Password leads to command injection. The attack can be initiated remotely. Upgrading to version 4.8.1 is able to address this issue. The affected component should be upgraded. The vendor explains: \" The current code escapes single quotes in the password parameter and handles it inside a shell single\u2011quote context. The payloads in the report, which rely on $() or backticks to trigger command substitution, are not executed under the current code path. We tested on a GL\u2011MT3000 device running firmware 4.8.1 using similar payloads, and no command\u2011execution marker file was created.\""
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:ND/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "Command Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-07T03:15:10.332Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-369072 | GL.iNet GL-MT3000 SET_USER_PWD glc FUN_0042e200 command injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/369072"
},
{
"name": "VDB-369072 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/369072/cti"
},
{
"name": "CVE-2026-11452 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-11452"
},
{
"name": "Submit #826378 | GL.iNet GL-MT3000 4.4.5 Command Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/826378"
},
{
"tags": [
"related"
],
"url": "https://github.com/StrTzz123/iot_vul/blob/main/GL-iNet/MT3000/4.4.5/nas_set_user_pwd_glc_rce/Readme.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-06-06T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-06-06T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-06-06T12:38:42.000Z",
"value": "VulDB entry last update"
}
],
"title": "GL.iNet GL-MT3000 SET_USER_PWD glc FUN_0042e200 command injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-11452",
"datePublished": "2026-06-07T03:15:10.332Z",
"dateReserved": "2026-06-06T10:33:24.201Z",
"dateUpdated": "2026-06-08T16:33:31.174Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-11451 (GCVE-0-2026-11451)
Vulnerability from cvelistv5 – Published: 2026-06-07 03:00 – Updated: 2026-06-08 16:32
VLAI
Title
GL.iNet GL-MT3000 FTP Protocol glc snprintf command injection
Summary
A flaw has been found in GL.iNet GL-MT3000 4.4.5. This impacts the function snprintf of the file /cgi-bin/glc of the component FTP Protocol Handler. Executing a manipulation of the argument media_dir can lead to command injection. It is possible to launch the attack remotely. Upgrading to version 4.8.1 will fix this issue. You should upgrade the affected component. The vendor explains: "In version 4.8.1, before writing media_dir to the FTP configuration command, the code escapes single quotes using escape_single_quote(). The payloads in the report—which rely on closing a single quote, appending commands with a semicolon, and commenting out the tail with #—cannot escape execution under the current code path. We also verified this on a GL‑MT3000 device running firmware version 4.8.1 using similar payloads calling the /NAS_API_SET_PROTO_CONFIG interface. Although the interface returned success, the marker file intended to prove command execution was not created; the payload was written into /etc/vsftpd.conf only as ordinary configuration content and did not trigger any shell command execution. Therefore, with the current firmware version and default runtime environment, we could not reproduce the claimed “unauthorized command injection in set_proto_config”."
Severity
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/369071 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/369071/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-11451 | third-party-advisory |
| https://vuldb.com/submit/825563 | third-party-advisory |
| https://github.com/StrTzz123/iot_vul/blob/main/GL… | related |
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-11451",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-08T16:32:06.258338Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-08T16:32:33.258Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/StrTzz123/iot_vul/blob/main/GL-iNet/MT3000/4.4.5/nas_proto_media_dir_glc_rce/Readme.md"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:o:gl-inet:gl-mt3000_firmware:*:*:*:*:*:*:*:*"
],
"modules": [
"FTP Protocol Handler"
],
"product": "GL-MT3000",
"vendor": "GL.iNet",
"versions": [
{
"status": "affected",
"version": "4.4.5"
},
{
"status": "unaffected",
"version": "4.8.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "strforexc (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw has been found in GL.iNet GL-MT3000 4.4.5. This impacts the function snprintf of the file /cgi-bin/glc of the component FTP Protocol Handler. Executing a manipulation of the argument media_dir can lead to command injection. It is possible to launch the attack remotely. Upgrading to version 4.8.1 will fix this issue. You should upgrade the affected component. The vendor explains: \"In version 4.8.1, before writing media_dir to the FTP configuration command, the code escapes single quotes using escape_single_quote(). The payloads in the report\u2014which rely on closing a single quote, appending commands with a semicolon, and commenting out the tail with #\u2014cannot escape execution under the current code path. We also verified this on a GL\u2011MT3000 device running firmware version 4.8.1 using similar payloads calling the /NAS_API_SET_PROTO_CONFIG interface. Although the interface returned success, the marker file intended to prove command execution was not created; the payload was written into /etc/vsftpd.conf only as ordinary configuration content and did not trigger any shell command execution. Therefore, with the current firmware version and default runtime environment, we could not reproduce the claimed \u201cunauthorized command injection in set_proto_config\u201d.\""
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:ND/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "Command Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-07T03:00:14.858Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-369071 | GL.iNet GL-MT3000 FTP Protocol glc snprintf command injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/369071"
},
{
"name": "VDB-369071 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/369071/cti"
},
{
"name": "CVE-2026-11451 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-11451"
},
{
"name": "Submit #825563 | GL.iNet GL-MT3000 4.4.5 Command Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/825563"
},
{
"tags": [
"related"
],
"url": "https://github.com/StrTzz123/iot_vul/blob/main/GL-iNet/MT3000/4.4.5/nas_proto_media_dir_glc_rce/Readme.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-06-06T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-06-06T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-06-06T12:38:40.000Z",
"value": "VulDB entry last update"
}
],
"title": "GL.iNet GL-MT3000 FTP Protocol glc snprintf command injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-11451",
"datePublished": "2026-06-07T03:00:14.858Z",
"dateReserved": "2026-06-06T10:33:20.923Z",
"dateUpdated": "2026-06-08T16:32:33.258Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-11450 (GCVE-0-2026-11450)
Vulnerability from cvelistv5 – Published: 2026-06-07 02:30 – Updated: 2026-06-08 15:30
VLAI
Title
GL.iNet GL-MT3000 Path Normalization dlopen command injection
Summary
A vulnerability was detected in GL.iNet GL-MT3000 4.4.5. This affects the function dlopen in the library /usr/lib/oui-httpd/rpc/ of the component Path Normalization Handler. Performing a manipulation of the argument dev_name results in command injection. It is possible to initiate the attack remotely. Upgrading to version 4.7 mitigates this issue. It is advisable to upgrade the affected component. The vendor confirms: " From version 4.7 onward, we have enabled method‑level validation at the HTTP /rpc layer. nas‑web.eject_disk is no longer in the whitelist of allowed methods. Consequently, directly calling eject_disk through the default /rpc endpoint returns Invalid params, preventing entry into subsequent dangerous functions and blocking the remote exploit chain described in the report."
Severity
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/369070 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/369070/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-11450 | third-party-advisory |
| https://vuldb.com/submit/825536 | third-party-advisory |
| https://github.com/StrTzz123/iot_vul/tree/main/GL… | related |
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-11450",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-08T15:29:48.595354Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-08T15:30:18.217Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/StrTzz123/iot_vul/tree/main/GL-iNet/MT3000/4.4.5/nas_eject_disk_do1_glc_rce"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:o:gl-inet:gl-mt3000_firmware:*:*:*:*:*:*:*:*"
],
"modules": [
"Path Normalization Handler"
],
"product": "GL-MT3000",
"vendor": "GL.iNet",
"versions": [
{
"status": "affected",
"version": "4.4.5"
},
{
"status": "unaffected",
"version": "4.7"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "strforexc (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was detected in GL.iNet GL-MT3000 4.4.5. This affects the function dlopen in the library /usr/lib/oui-httpd/rpc/ of the component Path Normalization Handler. Performing a manipulation of the argument dev_name results in command injection. It is possible to initiate the attack remotely. Upgrading to version 4.7 mitigates this issue. It is advisable to upgrade the affected component. The vendor confirms: \" From version 4.7 onward, we have enabled method\u2011level validation at the HTTP /rpc layer. nas\u2011web.eject_disk is no longer in the whitelist of allowed methods. Consequently, directly calling eject_disk through the default /rpc endpoint returns Invalid params, preventing entry into subsequent dangerous functions and blocking the remote exploit chain described in the report.\""
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:ND/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "Command Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-07T02:30:09.365Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-369070 | GL.iNet GL-MT3000 Path Normalization dlopen command injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/369070"
},
{
"name": "VDB-369070 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/369070/cti"
},
{
"name": "CVE-2026-11450 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-11450"
},
{
"name": "Submit #825536 | GL.iNet GL-MT3000 4.4.5 Command Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/825536"
},
{
"tags": [
"related"
],
"url": "https://github.com/StrTzz123/iot_vul/tree/main/GL-iNet/MT3000/4.4.5/nas_eject_disk_do1_glc_rce"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-06-06T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-06-06T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-06-06T12:38:37.000Z",
"value": "VulDB entry last update"
}
],
"title": "GL.iNet GL-MT3000 Path Normalization dlopen command injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-11450",
"datePublished": "2026-06-07T02:30:09.365Z",
"dateReserved": "2026-06-06T10:33:18.124Z",
"dateUpdated": "2026-06-08T15:30:18.217Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-11449 (GCVE-0-2026-11449)
Vulnerability from cvelistv5 – Published: 2026-06-07 02:15 – Updated: 2026-06-09 14:57
VLAI
Title
GL.iNet GL-MT3000 LuCI JSON-RPC rpc rpc_sys command injection
Summary
A security vulnerability has been detected in GL.iNet GL-MT3000 4.4.5. The impacted element is the function rpc_sys of the file /cgi-bin/luci/rpc of the component LuCI JSON-RPC Interface. Such manipulation leads to command injection. The attack may be performed from remote. Upgrading to version 4.8.1 is sufficient to resolve this issue. Upgrading the affected component is advised. The vendor confirms: "The issue discovered by the vulnerability researcher on older firmware versions(4.4.5) has actually been fixed and mitigated in the new version. According to the latest firmware fixes, by default, firmware versions after 4.7.13 do not install LuCI, so this vulnerability cannot be exploited."
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/369069 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/369069/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-11449 | third-party-advisory |
| https://vuldb.com/submit/825385 | third-party-advisory |
| https://github.com/StrTzz123/iot_vul/tree/main/GL… | related |
| https://fw.gl-inet.com/firmware/mt3000/release/mt… | patch |
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-11449",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-09T14:57:38.044597Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T14:57:59.184Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/StrTzz123/iot_vul/tree/main/GL-iNet/MT3000/4.4.5/luci_rpc_sys_exec_rce"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:o:gl-inet:gl-mt3000_firmware:*:*:*:*:*:*:*:*"
],
"modules": [
"LuCI JSON-RPC Interface"
],
"product": "GL-MT3000",
"vendor": "GL.iNet",
"versions": [
{
"status": "affected",
"version": "4.4.5"
},
{
"status": "unaffected",
"version": "4.8.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "strforexc (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security vulnerability has been detected in GL.iNet GL-MT3000 4.4.5. The impacted element is the function rpc_sys of the file /cgi-bin/luci/rpc of the component LuCI JSON-RPC Interface. Such manipulation leads to command injection. The attack may be performed from remote. Upgrading to version 4.8.1 is sufficient to resolve this issue. Upgrading the affected component is advised. The vendor confirms: \"The issue discovered by the vulnerability researcher on older firmware versions(4.4.5) has actually been fixed and mitigated in the new version. According to the latest firmware fixes, by default, firmware versions after 4.7.13 do not install LuCI, so this vulnerability cannot be exploited.\""
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:ND/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "Command Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-07T02:15:08.735Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-369069 | GL.iNet GL-MT3000 LuCI JSON-RPC rpc rpc_sys command injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/369069"
},
{
"name": "VDB-369069 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/369069/cti"
},
{
"name": "CVE-2026-11449 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-11449"
},
{
"name": "Submit #825385 | GL.iNet GL-MT3000 4.4.5 Command Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/825385"
},
{
"tags": [
"related"
],
"url": "https://github.com/StrTzz123/iot_vul/tree/main/GL-iNet/MT3000/4.4.5/luci_rpc_sys_exec_rce"
},
{
"tags": [
"patch"
],
"url": "https://fw.gl-inet.com/firmware/mt3000/release/mt3000-4.8.1-0819-1755615825.tar"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-06-06T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-06-06T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-06-06T12:38:34.000Z",
"value": "VulDB entry last update"
}
],
"title": "GL.iNet GL-MT3000 LuCI JSON-RPC rpc rpc_sys command injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-11449",
"datePublished": "2026-06-07T02:15:08.735Z",
"dateReserved": "2026-06-06T10:33:15.318Z",
"dateUpdated": "2026-06-09T14:57:59.184Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-11448 (GCVE-0-2026-11448)
Vulnerability from cvelistv5 – Published: 2026-06-07 02:00 – Updated: 2026-06-08 15:25
VLAI
Title
GL.iNet GL-MT3000 Minidlna Service rpc realpath command injection
Summary
A weakness has been identified in GL.iNet GL-MT3000 up to 4.4.5. The affected element is the function realpath of the file /rpc of the component Minidlna Service. This manipulation of the argument kube. set causes command injection. The attack is possible to be carried out remotely. Upgrading to version 4.7 is sufficient to fix this issue. It is recommended to upgrade the affected component. The vendor confirms: "Starting from version 4.7, SDK has added global protection to intercept malicious injection".
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/369068 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/369068/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-11448 | third-party-advisory |
| https://vuldb.com/submit/825212 | third-party-advisory |
| https://github.com/StrTzz123/iot_vul/tree/main/GL… | related |
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-11448",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-08T15:25:37.228147Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-08T15:25:48.355Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/StrTzz123/iot_vul/tree/main/GL-iNet/MT3000/4.4.5/minidlna_db_dir_uci_rce"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:o:gl-inet:gl-mt3000_firmware:*:*:*:*:*:*:*:*"
],
"modules": [
"Minidlna Service"
],
"product": "GL-MT3000",
"vendor": "GL.iNet",
"versions": [
{
"status": "affected",
"version": "4.4.0"
},
{
"status": "affected",
"version": "4.4.1"
},
{
"status": "affected",
"version": "4.4.2"
},
{
"status": "affected",
"version": "4.4.3"
},
{
"status": "affected",
"version": "4.4.4"
},
{
"status": "affected",
"version": "4.4.5"
},
{
"status": "unaffected",
"version": "4.7"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "strforexc (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A weakness has been identified in GL.iNet GL-MT3000 up to 4.4.5. The affected element is the function realpath of the file /rpc of the component Minidlna Service. This manipulation of the argument kube. set causes command injection. The attack is possible to be carried out remotely. Upgrading to version 4.7 is sufficient to fix this issue. It is recommended to upgrade the affected component. The vendor confirms: \"Starting from version 4.7, SDK has added global protection to intercept malicious injection\"."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5.8,
"vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P/E:ND/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "Command Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-07T02:00:13.687Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-369068 | GL.iNet GL-MT3000 Minidlna Service rpc realpath command injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/369068"
},
{
"name": "VDB-369068 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/369068/cti"
},
{
"name": "CVE-2026-11448 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-11448"
},
{
"name": "Submit #825212 | GL.iNet GL-MT3000 4.4.5 Command Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/825212"
},
{
"tags": [
"related"
],
"url": "https://github.com/StrTzz123/iot_vul/tree/main/GL-iNet/MT3000/4.4.5/minidlna_db_dir_uci_rce"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-06-06T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-06-06T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-06-06T12:38:32.000Z",
"value": "VulDB entry last update"
}
],
"title": "GL.iNet GL-MT3000 Minidlna Service rpc realpath command injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-11448",
"datePublished": "2026-06-07T02:00:13.687Z",
"dateReserved": "2026-06-06T10:33:12.835Z",
"dateUpdated": "2026-06-08T15:25:48.355Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-11447 (GCVE-0-2026-11447)
Vulnerability from cvelistv5 – Published: 2026-06-07 01:15 – Updated: 2026-06-08 13:13
VLAI
Title
GL.iNet GL-MT3000 MTK Backend iwinfo.so iwinfo_backend command injection
Summary
A security flaw has been discovered in GL.iNet GL-MT3000 up to 4.4.5. Impacted is the function iwinfo_backend of the file iwinfo.so of the component MTK Backend. The manipulation of the argument device results in command injection. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks. Upgrading to version 4.7 is recommended to address this issue. Upgrading the affected component is recommended. The vendor confirms: "Starting from version 4.7, SDK has added global protection to intercept malicious injection".
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/369067 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/369067/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-11447 | third-party-advisory |
| https://vuldb.com/submit/824951 | third-party-advisory |
| https://github.com/StrTzz123/iot_vul/tree/main/GL… | exploit |
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-11447",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-08T13:13:00.739529Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-08T13:13:12.085Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:o:gl-inet:gl-mt3000_firmware:*:*:*:*:*:*:*:*"
],
"modules": [
"MTK Backend"
],
"product": "GL-MT3000",
"vendor": "GL.iNet",
"versions": [
{
"status": "affected",
"version": "4.4.0"
},
{
"status": "affected",
"version": "4.4.1"
},
{
"status": "affected",
"version": "4.4.2"
},
{
"status": "affected",
"version": "4.4.3"
},
{
"status": "affected",
"version": "4.4.4"
},
{
"status": "affected",
"version": "4.4.5"
},
{
"status": "unaffected",
"version": "4.7"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "strforexc (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security flaw has been discovered in GL.iNet GL-MT3000 up to 4.4.5. Impacted is the function iwinfo_backend of the file iwinfo.so of the component MTK Backend. The manipulation of the argument device results in command injection. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks. Upgrading to version 4.7 is recommended to address this issue. Upgrading the affected component is recommended. The vendor confirms: \"Starting from version 4.7, SDK has added global protection to intercept malicious injection\"."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "Command Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-07T01:15:09.614Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-369067 | GL.iNet GL-MT3000 MTK Backend iwinfo.so iwinfo_backend command injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/369067"
},
{
"name": "VDB-369067 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/369067/cti"
},
{
"name": "CVE-2026-11447 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-11447"
},
{
"name": "Submit #824951 | GL.iNet GL-MT3000 4.4.5 Command Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/824951"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/StrTzz123/iot_vul/tree/main/GL-iNet/MT3000/4.4.5/iwinfo_scan_ubus_rce"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-06-06T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-06-06T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-06-06T12:38:29.000Z",
"value": "VulDB entry last update"
}
],
"title": "GL.iNet GL-MT3000 MTK Backend iwinfo.so iwinfo_backend command injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-11447",
"datePublished": "2026-06-07T01:15:09.614Z",
"dateReserved": "2026-06-06T10:33:08.860Z",
"dateUpdated": "2026-06-08T13:13:12.085Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-11406 (GCVE-0-2026-11406)
Vulnerability from cvelistv5 – Published: 2026-06-06 09:15 – Updated: 2026-06-08 16:27
VLAI
Title
GL.iNet MT3000 OpenVPN Client Import Workflow ovpnclient.sh command injection
Summary
A vulnerability was determined in GL.iNet MT3000 up to 4.4.5. This vulnerability affects unknown code of the file ovpnclient.sh of the component OpenVPN Client Import Workflow. This manipulation causes command injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. Upgrading to version 4.9.0_beta3-1012-0513-1778656146 is able to resolve this issue. You should upgrade the affected component. The vendor confirms: "This issue has been addressed by implementing malicious checks on OpenVPN configuration files to prevent command injection attacks carried through malicious configuration files."
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/368966 | vdb-entry |
| https://vuldb.com/vuln/368966/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-11406 | third-party-advisory |
| https://vuldb.com/submit/820049 | third-party-advisory |
| https://github.com/StrTzz123/iot_vul/tree/main/GL… | exploit |
| https://fw.gl-inet.cn/firmware/mt3000/testing/mt3… | patch |
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-11406",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-08T16:27:49.061711Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-08T16:27:56.919Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:o:gl-inet:mt3000_firmware:*:*:*:*:*:*:*:*"
],
"modules": [
"OpenVPN Client Import Workflow"
],
"product": "MT3000",
"vendor": "GL.iNet",
"versions": [
{
"status": "affected",
"version": "4.4.0"
},
{
"status": "affected",
"version": "4.4.1"
},
{
"status": "affected",
"version": "4.4.2"
},
{
"status": "affected",
"version": "4.4.3"
},
{
"status": "affected",
"version": "4.4.4"
},
{
"status": "affected",
"version": "4.4.5"
},
{
"status": "unaffected",
"version": "4.9.0_beta3-1012-0513-1778656146"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "strforexc (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was determined in GL.iNet MT3000 up to 4.4.5. This vulnerability affects unknown code of the file ovpnclient.sh of the component OpenVPN Client Import Workflow. This manipulation causes command injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. Upgrading to version 4.9.0_beta3-1012-0513-1778656146 is able to resolve this issue. You should upgrade the affected component. The vendor confirms: \"This issue has been addressed by implementing malicious checks on OpenVPN configuration files to prevent command injection attacks carried through malicious configuration files.\""
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "Command Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-06T09:15:12.019Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-368966 | GL.iNet MT3000 OpenVPN Client Import Workflow ovpnclient.sh command injection",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/vuln/368966"
},
{
"name": "VDB-368966 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/368966/cti"
},
{
"name": "CVE-2026-11406 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-11406"
},
{
"name": "Submit #820049 | GL.iNet MT3000 4.4.5 Command Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/820049"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/StrTzz123/iot_vul/tree/main/GL-iNet/MT3000/4.4.5/ovpn_client_import"
},
{
"tags": [
"patch"
],
"url": "https://fw.gl-inet.cn/firmware/mt3000/testing/mt3000-4.9.0_beta3-1012-0513-1778656146.tar"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-06-05T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-06-05T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-06-05T20:31:32.000Z",
"value": "VulDB entry last update"
}
],
"title": "GL.iNet MT3000 OpenVPN Client Import Workflow ovpnclient.sh command injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-11406",
"datePublished": "2026-06-06T09:15:12.019Z",
"dateReserved": "2026-06-05T18:26:22.054Z",
"dateUpdated": "2026-06-08T16:27:56.919Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-5959 (GCVE-0-2026-5959)
Vulnerability from cvelistv5 – Published: 2026-04-09 14:30 – Updated: 2026-04-13 20:01
VLAI
Title
GL.iNet GL-RM1/GL-RM10/GL-RM10RC/GL-RM1PE Factory Reset improper authentication
Summary
A security flaw has been discovered in GL.iNet GL-RM1, GL-RM10, GL-RM10RC and GL-RM1PE 1.8.1. Affected by this issue is some unknown functionality of the component Factory Reset Handler. Performing a manipulation results in improper authentication. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. Upgrading to version 1.8.2 can resolve this issue. It is advisable to upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-287 - Improper Authentication
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/356512 | vdb-entry |
| https://vuldb.com/vuln/356512/cti | signaturepermissions-required |
| https://vuldb.com/submit/786688 | third-party-advisory |
| https://github.com/gl-inet/CVE-issues/blob/main/K… | related |
| https://dl.gl-inet.com/kvm/ | patch |
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-5959",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-13T20:01:45.933133Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-13T20:01:57.939Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Factory Reset Handler"
],
"product": "GL-RM1",
"vendor": "GL.iNet",
"versions": [
{
"status": "affected",
"version": "1.8.1"
},
{
"status": "unaffected",
"version": "1.8.2"
}
]
},
{
"modules": [
"Factory Reset Handler"
],
"product": "GL-RM10",
"vendor": "GL.iNet",
"versions": [
{
"status": "affected",
"version": "1.8.1"
},
{
"status": "unaffected",
"version": "1.8.2"
}
]
},
{
"modules": [
"Factory Reset Handler"
],
"product": "GL-RM10RC",
"vendor": "GL.iNet",
"versions": [
{
"status": "affected",
"version": "1.8.1"
},
{
"status": "unaffected",
"version": "1.8.2"
}
]
},
{
"modules": [
"Factory Reset Handler"
],
"product": "GL-RM1PE",
"vendor": "GL.iNet",
"versions": [
{
"status": "affected",
"version": "1.8.1"
},
{
"status": "unaffected",
"version": "1.8.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "GLiNet (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security flaw has been discovered in GL.iNet GL-RM1, GL-RM10, GL-RM10RC and GL-RM1PE 1.8.1. Affected by this issue is some unknown functionality of the component Factory Reset Handler. Performing a manipulation results in improper authentication. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. Upgrading to version 1.8.2 can resolve this issue. It is advisable to upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:X/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:X/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.8,
"vectorString": "AV:N/AC:H/Au:M/C:C/I:C/A:C/E:ND/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-09T14:30:14.351Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-356512 | GL.iNet GL-RM1/GL-RM10/GL-RM10RC/GL-RM1PE Factory Reset improper authentication",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/vuln/356512"
},
{
"name": "VDB-356512 | CTI Indicators (IOB, IOC)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/356512/cti"
},
{
"name": "Submit #786688 | GL.iNet KVM 1.8.1 Access Authentication Bypass",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/786688"
},
{
"tags": [
"related"
],
"url": "https://github.com/gl-inet/CVE-issues/blob/main/KVM/1.8.1/Remote%20Access%20Authentication%20Bypass%20After%20Factory%20Reset.md"
},
{
"tags": [
"patch"
],
"url": "https://dl.gl-inet.com/kvm/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-04-09T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-04-09T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-04-09T11:55:52.000Z",
"value": "VulDB entry last update"
}
],
"title": "GL.iNet GL-RM1/GL-RM10/GL-RM10RC/GL-RM1PE Factory Reset improper authentication"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-5959",
"datePublished": "2026-04-09T14:30:14.351Z",
"dateReserved": "2026-04-09T09:50:43.991Z",
"dateUpdated": "2026-04-13T20:01:57.939Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-2851 (GCVE-0-2025-2851)
Vulnerability from cvelistv5 – Published: 2025-04-26 08:00 – Updated: 2025-04-28 18:09
VLAI
Title
GL.iNet GL-A1300 Slate Plus RPC plugins.so buffer overflow
Summary
A vulnerability classified as critical has been found in GL.iNet GL-A1300 Slate Plus, GL-AR300M16 Shadow, GL-AR300M Shadow, GL-AR750 Creta, GL-AR750S-EXT Slate, GL-AX1800 Flint, GL-AXT1800 Slate AX, GL-B1300 Convexa-B, GL-B3000 Marble, GL-BE3600 Slate 7, GL-E750, GL-E750V2 Mudi, GL-MT300N-V2 Mango, GL-MT1300 Beryl, GL-MT2500 Brume 2, GL-MT3000 Beryl AX, GL-MT6000 Flint 2, GL-SFT1200 Opal, GL-X300B Collie, GL-X750 Spitz, GL-X3000 Spitz AX, GL-XE300 Puli and GL-XE3000 Puli AX 4.x. Affected is an unknown function of the file plugins.so of the component RPC Handler. The manipulation leads to buffer overflow. It is recommended to upgrade the affected component.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.306288 | vdb-entry |
| https://vuldb.com/?ctiid.306288 | signaturepermissions-required |
| https://www.gl-inet.com/security-updates/security… | patch |
Impacted products
23 products
| Vendor | Product | Version | |
|---|---|---|---|
| GL.iNet | GL-A1300 Slate Plus |
Affected:
4.x
|
|
| GL.iNet | GL-AR300M16 Shadow |
Affected:
4.x
|
|
| GL.iNet | GL-AR300M Shadow |
Affected:
4.x
|
|
| GL.iNet | GL-AR750 Creta |
Affected:
4.x
|
|
| GL.iNet | GL-AR750S-EXT Slate |
Affected:
4.x
|
|
| GL.iNet | GL-AX1800 Flint |
Affected:
4.x
|
|
| GL.iNet | GL-AXT1800 Slate AX |
Affected:
4.x
|
|
| GL.iNet | GL-B1300 Convexa-B |
Affected:
4.x
|
|
| GL.iNet | GL-B3000 Marble |
Affected:
4.x
|
|
| GL.iNet | GL-BE3600 Slate 7 |
Affected:
4.x
|
|
| GL.iNet | GL-E750 |
Affected:
4.x
|
|
| GL.iNet | GL-E750V2 Mudi |
Affected:
4.x
|
|
| GL.iNet | GL-MT300N-V2 Mango |
Affected:
4.x
|
|
| GL.iNet | GL-MT1300 Beryl |
Affected:
4.x
|
|
| GL.iNet | GL-MT2500 Brume 2 |
Affected:
4.x
|
|
| GL.iNet | GL-MT3000 Beryl AX |
Affected:
4.x
|
|
| GL.iNet | GL-MT6000 Flint 2 |
Affected:
4.x
|
|
| GL.iNet | GL-SFT1200 Opal |
Affected:
4.x
|
|
| GL.iNet | GL-X300B Collie |
Affected:
4.x
|
|
| GL.iNet | GL-X750 Spitz |
Affected:
4.x
|
|
| GL.iNet | GL-X3000 Spitz AX |
Affected:
4.x
|
|
| GL.iNet | GL-XE300 Puli |
Affected:
4.x
|
|
| GL.iNet | GL-XE3000 Puli AX |
Affected:
4.x
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-2851",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-28T18:06:30.255746Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-28T18:09:44.918Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"RPC Handler"
],
"product": "GL-A1300 Slate Plus",
"vendor": "GL.iNet",
"versions": [
{
"status": "affected",
"version": "4.x"
}
]
},
{
"modules": [
"RPC Handler"
],
"product": "GL-AR300M16 Shadow",
"vendor": "GL.iNet",
"versions": [
{
"status": "affected",
"version": "4.x"
}
]
},
{
"modules": [
"RPC Handler"
],
"product": "GL-AR300M Shadow",
"vendor": "GL.iNet",
"versions": [
{
"status": "affected",
"version": "4.x"
}
]
},
{
"modules": [
"RPC Handler"
],
"product": "GL-AR750 Creta",
"vendor": "GL.iNet",
"versions": [
{
"status": "affected",
"version": "4.x"
}
]
},
{
"modules": [
"RPC Handler"
],
"product": "GL-AR750S-EXT Slate",
"vendor": "GL.iNet",
"versions": [
{
"status": "affected",
"version": "4.x"
}
]
},
{
"modules": [
"RPC Handler"
],
"product": "GL-AX1800 Flint",
"vendor": "GL.iNet",
"versions": [
{
"status": "affected",
"version": "4.x"
}
]
},
{
"modules": [
"RPC Handler"
],
"product": "GL-AXT1800 Slate AX",
"vendor": "GL.iNet",
"versions": [
{
"status": "affected",
"version": "4.x"
}
]
},
{
"modules": [
"RPC Handler"
],
"product": "GL-B1300 Convexa-B",
"vendor": "GL.iNet",
"versions": [
{
"status": "affected",
"version": "4.x"
}
]
},
{
"modules": [
"RPC Handler"
],
"product": "GL-B3000 Marble",
"vendor": "GL.iNet",
"versions": [
{
"status": "affected",
"version": "4.x"
}
]
},
{
"modules": [
"RPC Handler"
],
"product": "GL-BE3600 Slate 7",
"vendor": "GL.iNet",
"versions": [
{
"status": "affected",
"version": "4.x"
}
]
},
{
"modules": [
"RPC Handler"
],
"product": "GL-E750",
"vendor": "GL.iNet",
"versions": [
{
"status": "affected",
"version": "4.x"
}
]
},
{
"modules": [
"RPC Handler"
],
"product": "GL-E750V2 Mudi",
"vendor": "GL.iNet",
"versions": [
{
"status": "affected",
"version": "4.x"
}
]
},
{
"modules": [
"RPC Handler"
],
"product": "GL-MT300N-V2 Mango",
"vendor": "GL.iNet",
"versions": [
{
"status": "affected",
"version": "4.x"
}
]
},
{
"modules": [
"RPC Handler"
],
"product": "GL-MT1300 Beryl",
"vendor": "GL.iNet",
"versions": [
{
"status": "affected",
"version": "4.x"
}
]
},
{
"modules": [
"RPC Handler"
],
"product": "GL-MT2500 Brume 2",
"vendor": "GL.iNet",
"versions": [
{
"status": "affected",
"version": "4.x"
}
]
},
{
"modules": [
"RPC Handler"
],
"product": "GL-MT3000 Beryl AX",
"vendor": "GL.iNet",
"versions": [
{
"status": "affected",
"version": "4.x"
}
]
},
{
"modules": [
"RPC Handler"
],
"product": "GL-MT6000 Flint 2",
"vendor": "GL.iNet",
"versions": [
{
"status": "affected",
"version": "4.x"
}
]
},
{
"modules": [
"RPC Handler"
],
"product": "GL-SFT1200 Opal",
"vendor": "GL.iNet",
"versions": [
{
"status": "affected",
"version": "4.x"
}
]
},
{
"modules": [
"RPC Handler"
],
"product": "GL-X300B Collie",
"vendor": "GL.iNet",
"versions": [
{
"status": "affected",
"version": "4.x"
}
]
},
{
"modules": [
"RPC Handler"
],
"product": "GL-X750 Spitz",
"vendor": "GL.iNet",
"versions": [
{
"status": "affected",
"version": "4.x"
}
]
},
{
"modules": [
"RPC Handler"
],
"product": "GL-X3000 Spitz AX",
"vendor": "GL.iNet",
"versions": [
{
"status": "affected",
"version": "4.x"
}
]
},
{
"modules": [
"RPC Handler"
],
"product": "GL-XE300 Puli",
"vendor": "GL.iNet",
"versions": [
{
"status": "affected",
"version": "4.x"
}
]
},
{
"modules": [
"RPC Handler"
],
"product": "GL-XE3000 Puli AX",
"vendor": "GL.iNet",
"versions": [
{
"status": "affected",
"version": "4.x"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical has been found in GL.iNet GL-A1300 Slate Plus, GL-AR300M16 Shadow, GL-AR300M Shadow, GL-AR750 Creta, GL-AR750S-EXT Slate, GL-AX1800 Flint, GL-AXT1800 Slate AX, GL-B1300 Convexa-B, GL-B3000 Marble, GL-BE3600 Slate 7, GL-E750, GL-E750V2 Mudi, GL-MT300N-V2 Mango, GL-MT1300 Beryl, GL-MT2500 Brume 2, GL-MT3000 Beryl AX, GL-MT6000 Flint 2, GL-SFT1200 Opal, GL-X300B Collie, GL-X750 Spitz, GL-X3000 Spitz AX, GL-XE300 Puli and GL-XE3000 Puli AX 4.x. Affected is an unknown function of the file plugins.so of the component RPC Handler. The manipulation leads to buffer overflow. It is recommended to upgrade the affected component."
},
{
"lang": "de",
"value": "Es wurde eine kritische Schwachstelle in GL.iNet GL-A1300 Slate Plus, GL-AR300M16 Shadow, GL-AR300M Shadow, GL-AR750 Creta, GL-AR750S-EXT Slate, GL-AX1800 Flint, GL-AXT1800 Slate AX, GL-B1300 Convexa-B, GL-B3000 Marble, GL-BE3600 Slate 7, GL-E750, GL-E750V2 Mudi, GL-MT300N-V2 Mango, GL-MT1300 Beryl, GL-MT2500 Brume 2, GL-MT3000 Beryl AX, GL-MT6000 Flint 2, GL-SFT1200 Opal, GL-X300B Collie, GL-X750 Spitz, GL-X3000 Spitz AX, GL-XE300 Puli and GL-XE3000 Puli AX 4.x entdeckt. Dabei betrifft es einen unbekannter Codeteil der Datei plugins.so der Komponente RPC Handler. Durch Manipulation mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.7,
"vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-26T08:00:08.117Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-306288 | GL.iNet GL-A1300 Slate Plus RPC plugins.so buffer overflow",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.306288"
},
{
"name": "VDB-306288 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.306288"
},
{
"tags": [
"patch"
],
"url": "https://www.gl-inet.com/security-updates/security-advisories-vulnerabilities-and-cves-apr-24-2025/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-04-26T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-04-26T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-04-26T08:38:35.000Z",
"value": "VulDB entry last update"
}
],
"title": "GL.iNet GL-A1300 Slate Plus RPC plugins.so buffer overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-2851",
"datePublished": "2025-04-26T08:00:08.117Z",
"dateReserved": "2025-03-27T06:21:23.874Z",
"dateUpdated": "2025-04-28T18:09:44.918Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-2850 (GCVE-0-2025-2850)
Vulnerability from cvelistv5 – Published: 2025-04-26 07:31 – Updated: 2025-04-28 18:09
VLAI
Title
GL.iNet GL-A1300 Slate Plus Download Interface improper authorization
Summary
A vulnerability was found in GL.iNet GL-A1300 Slate Plus, GL-AR300M16 Shadow, GL-AR300M Shadow, GL-AR750 Creta, GL-AR750S-EXT Slate, GL-AX1800 Flint, GL-AXT1800 Slate AX, GL-B1300 Convexa-B, GL-B3000 Marble, GL-BE3600 Slate 7, GL-E750, GL-E750V2 Mudi, GL-MT300N-V2 Mango, GL-MT1300 Beryl, GL-MT2500 Brume 2, GL-MT3000 Beryl AX, GL-MT6000 Flint 2, GL-SFT1200 Opal, GL-X300B Collie, GL-X750 Spitz, GL-X3000 Spitz AX, GL-XE300 Puli and GL-XE3000 Puli AX 4.x. It has been rated as problematic. This issue affects some unknown processing of the component Download Interface. The manipulation leads to improper authorization. It is recommended to upgrade the affected component.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.306287 | vdb-entry |
| https://vuldb.com/?ctiid.306287 | signaturepermissions-required |
| https://www.gl-inet.com/security-updates/security… | patch |
Impacted products
23 products
| Vendor | Product | Version | |
|---|---|---|---|
| GL.iNet | GL-A1300 Slate Plus |
Affected:
4.x
|
|
| GL.iNet | GL-AR300M16 Shadow |
Affected:
4.x
|
|
| GL.iNet | GL-AR300M Shadow |
Affected:
4.x
|
|
| GL.iNet | GL-AR750 Creta |
Affected:
4.x
|
|
| GL.iNet | GL-AR750S-EXT Slate |
Affected:
4.x
|
|
| GL.iNet | GL-AX1800 Flint |
Affected:
4.x
|
|
| GL.iNet | GL-AXT1800 Slate AX |
Affected:
4.x
|
|
| GL.iNet | GL-B1300 Convexa-B |
Affected:
4.x
|
|
| GL.iNet | GL-B3000 Marble |
Affected:
4.x
|
|
| GL.iNet | GL-BE3600 Slate 7 |
Affected:
4.x
|
|
| GL.iNet | GL-E750 |
Affected:
4.x
|
|
| GL.iNet | GL-E750V2 Mudi |
Affected:
4.x
|
|
| GL.iNet | GL-MT300N-V2 Mango |
Affected:
4.x
|
|
| GL.iNet | GL-MT1300 Beryl |
Affected:
4.x
|
|
| GL.iNet | GL-MT2500 Brume 2 |
Affected:
4.x
|
|
| GL.iNet | GL-MT3000 Beryl AX |
Affected:
4.x
|
|
| GL.iNet | GL-MT6000 Flint 2 |
Affected:
4.x
|
|
| GL.iNet | GL-SFT1200 Opal |
Affected:
4.x
|
|
| GL.iNet | GL-X300B Collie |
Affected:
4.x
|
|
| GL.iNet | GL-X750 Spitz |
Affected:
4.x
|
|
| GL.iNet | GL-X3000 Spitz AX |
Affected:
4.x
|
|
| GL.iNet | GL-XE300 Puli |
Affected:
4.x
|
|
| GL.iNet | GL-XE3000 Puli AX |
Affected:
4.x
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-2850",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-28T18:07:02.103624Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-28T18:09:52.772Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Download Interface"
],
"product": "GL-A1300 Slate Plus",
"vendor": "GL.iNet",
"versions": [
{
"status": "affected",
"version": "4.x"
}
]
},
{
"modules": [
"Download Interface"
],
"product": "GL-AR300M16 Shadow",
"vendor": "GL.iNet",
"versions": [
{
"status": "affected",
"version": "4.x"
}
]
},
{
"modules": [
"Download Interface"
],
"product": "GL-AR300M Shadow",
"vendor": "GL.iNet",
"versions": [
{
"status": "affected",
"version": "4.x"
}
]
},
{
"modules": [
"Download Interface"
],
"product": "GL-AR750 Creta",
"vendor": "GL.iNet",
"versions": [
{
"status": "affected",
"version": "4.x"
}
]
},
{
"modules": [
"Download Interface"
],
"product": "GL-AR750S-EXT Slate",
"vendor": "GL.iNet",
"versions": [
{
"status": "affected",
"version": "4.x"
}
]
},
{
"modules": [
"Download Interface"
],
"product": "GL-AX1800 Flint",
"vendor": "GL.iNet",
"versions": [
{
"status": "affected",
"version": "4.x"
}
]
},
{
"modules": [
"Download Interface"
],
"product": "GL-AXT1800 Slate AX",
"vendor": "GL.iNet",
"versions": [
{
"status": "affected",
"version": "4.x"
}
]
},
{
"modules": [
"Download Interface"
],
"product": "GL-B1300 Convexa-B",
"vendor": "GL.iNet",
"versions": [
{
"status": "affected",
"version": "4.x"
}
]
},
{
"modules": [
"Download Interface"
],
"product": "GL-B3000 Marble",
"vendor": "GL.iNet",
"versions": [
{
"status": "affected",
"version": "4.x"
}
]
},
{
"modules": [
"Download Interface"
],
"product": "GL-BE3600 Slate 7",
"vendor": "GL.iNet",
"versions": [
{
"status": "affected",
"version": "4.x"
}
]
},
{
"modules": [
"Download Interface"
],
"product": "GL-E750",
"vendor": "GL.iNet",
"versions": [
{
"status": "affected",
"version": "4.x"
}
]
},
{
"modules": [
"Download Interface"
],
"product": "GL-E750V2 Mudi",
"vendor": "GL.iNet",
"versions": [
{
"status": "affected",
"version": "4.x"
}
]
},
{
"modules": [
"Download Interface"
],
"product": "GL-MT300N-V2 Mango",
"vendor": "GL.iNet",
"versions": [
{
"status": "affected",
"version": "4.x"
}
]
},
{
"modules": [
"Download Interface"
],
"product": "GL-MT1300 Beryl",
"vendor": "GL.iNet",
"versions": [
{
"status": "affected",
"version": "4.x"
}
]
},
{
"modules": [
"Download Interface"
],
"product": "GL-MT2500 Brume 2",
"vendor": "GL.iNet",
"versions": [
{
"status": "affected",
"version": "4.x"
}
]
},
{
"modules": [
"Download Interface"
],
"product": "GL-MT3000 Beryl AX",
"vendor": "GL.iNet",
"versions": [
{
"status": "affected",
"version": "4.x"
}
]
},
{
"modules": [
"Download Interface"
],
"product": "GL-MT6000 Flint 2",
"vendor": "GL.iNet",
"versions": [
{
"status": "affected",
"version": "4.x"
}
]
},
{
"modules": [
"Download Interface"
],
"product": "GL-SFT1200 Opal",
"vendor": "GL.iNet",
"versions": [
{
"status": "affected",
"version": "4.x"
}
]
},
{
"modules": [
"Download Interface"
],
"product": "GL-X300B Collie",
"vendor": "GL.iNet",
"versions": [
{
"status": "affected",
"version": "4.x"
}
]
},
{
"modules": [
"Download Interface"
],
"product": "GL-X750 Spitz",
"vendor": "GL.iNet",
"versions": [
{
"status": "affected",
"version": "4.x"
}
]
},
{
"modules": [
"Download Interface"
],
"product": "GL-X3000 Spitz AX",
"vendor": "GL.iNet",
"versions": [
{
"status": "affected",
"version": "4.x"
}
]
},
{
"modules": [
"Download Interface"
],
"product": "GL-XE300 Puli",
"vendor": "GL.iNet",
"versions": [
{
"status": "affected",
"version": "4.x"
}
]
},
{
"modules": [
"Download Interface"
],
"product": "GL-XE3000 Puli AX",
"vendor": "GL.iNet",
"versions": [
{
"status": "affected",
"version": "4.x"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in GL.iNet GL-A1300 Slate Plus, GL-AR300M16 Shadow, GL-AR300M Shadow, GL-AR750 Creta, GL-AR750S-EXT Slate, GL-AX1800 Flint, GL-AXT1800 Slate AX, GL-B1300 Convexa-B, GL-B3000 Marble, GL-BE3600 Slate 7, GL-E750, GL-E750V2 Mudi, GL-MT300N-V2 Mango, GL-MT1300 Beryl, GL-MT2500 Brume 2, GL-MT3000 Beryl AX, GL-MT6000 Flint 2, GL-SFT1200 Opal, GL-X300B Collie, GL-X750 Spitz, GL-X3000 Spitz AX, GL-XE300 Puli and GL-XE3000 Puli AX 4.x. It has been rated as problematic. This issue affects some unknown processing of the component Download Interface. The manipulation leads to improper authorization. It is recommended to upgrade the affected component."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in GL.iNet GL-A1300 Slate Plus, GL-AR300M16 Shadow, GL-AR300M Shadow, GL-AR750 Creta, GL-AR750S-EXT Slate, GL-AX1800 Flint, GL-AXT1800 Slate AX, GL-B1300 Convexa-B, GL-B3000 Marble, GL-BE3600 Slate 7, GL-E750, GL-E750V2 Mudi, GL-MT300N-V2 Mango, GL-MT1300 Beryl, GL-MT2500 Brume 2, GL-MT3000 Beryl AX, GL-MT6000 Flint 2, GL-SFT1200 Opal, GL-X300B Collie, GL-X750 Spitz, GL-X3000 Spitz AX, GL-XE300 Puli and GL-XE3000 Puli AX 4.x ausgemacht. Sie wurde als problematisch eingestuft. Dies betrifft einen unbekannten Teil der Komponente Download Interface. Durch die Manipulation mit unbekannten Daten kann eine improper authorization-Schwachstelle ausgenutzt werden. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 2.7,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-26T07:31:03.631Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-306287 | GL.iNet GL-A1300 Slate Plus Download Interface improper authorization",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.306287"
},
{
"name": "VDB-306287 | CTI Indicators (IOB, IOC, TTP)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.306287"
},
{
"tags": [
"patch"
],
"url": "https://www.gl-inet.com/security-updates/security-advisories-vulnerabilities-and-cves-apr-24-2025/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-04-26T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-04-26T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-04-26T08:38:33.000Z",
"value": "VulDB entry last update"
}
],
"title": "GL.iNet GL-A1300 Slate Plus Download Interface improper authorization"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-2850",
"datePublished": "2025-04-26T07:31:03.631Z",
"dateReserved": "2025-03-27T06:21:21.419Z",
"dateUpdated": "2025-04-28T18:09:52.772Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-2811 (GCVE-0-2025-2811)
Vulnerability from cvelistv5 – Published: 2025-04-26 07:00 – Updated: 2025-04-28 18:09
VLAI
Title
GL.iNet GL-A1300 Slate Plus API redos
Summary
A vulnerability was found in GL.iNet GL-A1300 Slate Plus, GL-AR300M16 Shadow, GL-AR300M Shadow, GL-AR750 Creta, GL-AR750S-EXT Slate, GL-AX1800 Flint, GL-AXT1800 Slate AX, GL-B1300 Convexa-B, GL-B3000 Marble, GL-BE3600 Slate 7, GL-E750, GL-E750V2 Mudi, GL-MT300N-V2 Mango, GL-MT1300 Beryl, GL-MT2500 Brume 2, GL-MT3000 Beryl AX, GL-MT6000 Flint 2, GL-SFT1200 Opal, GL-X300B Collie, GL-X750 Spitz, GL-X3000 Spitz AX, GL-XE300 Puli and GL-XE3000 Puli AX 4.x. It has been declared as problematic. This vulnerability affects unknown code of the component API. The manipulation leads to inefficient regular expression complexity. It is recommended to upgrade the affected component.
Severity
5.7 (Medium)
5.7 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.306286 | vdb-entry |
| https://vuldb.com/?ctiid.306286 | signaturepermissions-required |
| https://vuldb.com/?submit.524459 | third-party-advisory |
| https://github.com/gl-inet/CVE-issues/blob/main/4… | related |
| https://www.gl-inet.com/security-updates/security… | patch |
Impacted products
23 products
| Vendor | Product | Version | |
|---|---|---|---|
| GL.iNet | GL-A1300 Slate Plus |
Affected:
4.x
|
|
| GL.iNet | GL-AR300M16 Shadow |
Affected:
4.x
|
|
| GL.iNet | GL-AR300M Shadow |
Affected:
4.x
|
|
| GL.iNet | GL-AR750 Creta |
Affected:
4.x
|
|
| GL.iNet | GL-AR750S-EXT Slate |
Affected:
4.x
|
|
| GL.iNet | GL-AX1800 Flint |
Affected:
4.x
|
|
| GL.iNet | GL-AXT1800 Slate AX |
Affected:
4.x
|
|
| GL.iNet | GL-B1300 Convexa-B |
Affected:
4.x
|
|
| GL.iNet | GL-B3000 Marble |
Affected:
4.x
|
|
| GL.iNet | GL-BE3600 Slate 7 |
Affected:
4.x
|
|
| GL.iNet | GL-E750 |
Affected:
4.x
|
|
| GL.iNet | GL-E750V2 Mudi |
Affected:
4.x
|
|
| GL.iNet | GL-MT300N-V2 Mango |
Affected:
4.x
|
|
| GL.iNet | GL-MT1300 Beryl |
Affected:
4.x
|
|
| GL.iNet | GL-MT2500 Brume 2 |
Affected:
4.x
|
|
| GL.iNet | GL-MT3000 Beryl AX |
Affected:
4.x
|
|
| GL.iNet | GL-MT6000 Flint 2 |
Affected:
4.x
|
|
| GL.iNet | GL-SFT1200 Opal |
Affected:
4.x
|
|
| GL.iNet | GL-X300B Collie |
Affected:
4.x
|
|
| GL.iNet | GL-X750 Spitz |
Affected:
4.x
|
|
| GL.iNet | GL-X3000 Spitz AX |
Affected:
4.x
|
|
| GL.iNet | GL-XE300 Puli |
Affected:
4.x
|
|
| GL.iNet | GL-XE3000 Puli AX |
Affected:
4.x
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-2811",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-28T18:07:38.354152Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-28T18:09:59.404Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Calling%20a%20special%20API%20that%20doesn\u0027t%20require%20login%20and%20passing%20in%20a%20special%20character%20parameter%20results%20in%20100%25%20CPU%20usage.md"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"API"
],
"product": "GL-A1300 Slate Plus",
"vendor": "GL.iNet",
"versions": [
{
"status": "affected",
"version": "4.x"
}
]
},
{
"modules": [
"API"
],
"product": "GL-AR300M16 Shadow",
"vendor": "GL.iNet",
"versions": [
{
"status": "affected",
"version": "4.x"
}
]
},
{
"modules": [
"API"
],
"product": "GL-AR300M Shadow",
"vendor": "GL.iNet",
"versions": [
{
"status": "affected",
"version": "4.x"
}
]
},
{
"modules": [
"API"
],
"product": "GL-AR750 Creta",
"vendor": "GL.iNet",
"versions": [
{
"status": "affected",
"version": "4.x"
}
]
},
{
"modules": [
"API"
],
"product": "GL-AR750S-EXT Slate",
"vendor": "GL.iNet",
"versions": [
{
"status": "affected",
"version": "4.x"
}
]
},
{
"modules": [
"API"
],
"product": "GL-AX1800 Flint",
"vendor": "GL.iNet",
"versions": [
{
"status": "affected",
"version": "4.x"
}
]
},
{
"modules": [
"API"
],
"product": "GL-AXT1800 Slate AX",
"vendor": "GL.iNet",
"versions": [
{
"status": "affected",
"version": "4.x"
}
]
},
{
"modules": [
"API"
],
"product": "GL-B1300 Convexa-B",
"vendor": "GL.iNet",
"versions": [
{
"status": "affected",
"version": "4.x"
}
]
},
{
"modules": [
"API"
],
"product": "GL-B3000 Marble",
"vendor": "GL.iNet",
"versions": [
{
"status": "affected",
"version": "4.x"
}
]
},
{
"modules": [
"API"
],
"product": "GL-BE3600 Slate 7",
"vendor": "GL.iNet",
"versions": [
{
"status": "affected",
"version": "4.x"
}
]
},
{
"modules": [
"API"
],
"product": "GL-E750",
"vendor": "GL.iNet",
"versions": [
{
"status": "affected",
"version": "4.x"
}
]
},
{
"modules": [
"API"
],
"product": "GL-E750V2 Mudi",
"vendor": "GL.iNet",
"versions": [
{
"status": "affected",
"version": "4.x"
}
]
},
{
"modules": [
"API"
],
"product": "GL-MT300N-V2 Mango",
"vendor": "GL.iNet",
"versions": [
{
"status": "affected",
"version": "4.x"
}
]
},
{
"modules": [
"API"
],
"product": "GL-MT1300 Beryl",
"vendor": "GL.iNet",
"versions": [
{
"status": "affected",
"version": "4.x"
}
]
},
{
"modules": [
"API"
],
"product": "GL-MT2500 Brume 2",
"vendor": "GL.iNet",
"versions": [
{
"status": "affected",
"version": "4.x"
}
]
},
{
"modules": [
"API"
],
"product": "GL-MT3000 Beryl AX",
"vendor": "GL.iNet",
"versions": [
{
"status": "affected",
"version": "4.x"
}
]
},
{
"modules": [
"API"
],
"product": "GL-MT6000 Flint 2",
"vendor": "GL.iNet",
"versions": [
{
"status": "affected",
"version": "4.x"
}
]
},
{
"modules": [
"API"
],
"product": "GL-SFT1200 Opal",
"vendor": "GL.iNet",
"versions": [
{
"status": "affected",
"version": "4.x"
}
]
},
{
"modules": [
"API"
],
"product": "GL-X300B Collie",
"vendor": "GL.iNet",
"versions": [
{
"status": "affected",
"version": "4.x"
}
]
},
{
"modules": [
"API"
],
"product": "GL-X750 Spitz",
"vendor": "GL.iNet",
"versions": [
{
"status": "affected",
"version": "4.x"
}
]
},
{
"modules": [
"API"
],
"product": "GL-X3000 Spitz AX",
"vendor": "GL.iNet",
"versions": [
{
"status": "affected",
"version": "4.x"
}
]
},
{
"modules": [
"API"
],
"product": "GL-XE300 Puli",
"vendor": "GL.iNet",
"versions": [
{
"status": "affected",
"version": "4.x"
}
]
},
{
"modules": [
"API"
],
"product": "GL-XE3000 Puli AX",
"vendor": "GL.iNet",
"versions": [
{
"status": "affected",
"version": "4.x"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "pan.li (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in GL.iNet GL-A1300 Slate Plus, GL-AR300M16 Shadow, GL-AR300M Shadow, GL-AR750 Creta, GL-AR750S-EXT Slate, GL-AX1800 Flint, GL-AXT1800 Slate AX, GL-B1300 Convexa-B, GL-B3000 Marble, GL-BE3600 Slate 7, GL-E750, GL-E750V2 Mudi, GL-MT300N-V2 Mango, GL-MT1300 Beryl, GL-MT2500 Brume 2, GL-MT3000 Beryl AX, GL-MT6000 Flint 2, GL-SFT1200 Opal, GL-X300B Collie, GL-X750 Spitz, GL-X3000 Spitz AX, GL-XE300 Puli and GL-XE3000 Puli AX 4.x. It has been declared as problematic. This vulnerability affects unknown code of the component API. The manipulation leads to inefficient regular expression complexity. It is recommended to upgrade the affected component."
},
{
"lang": "de",
"value": "In GL.iNet GL-A1300 Slate Plus, GL-AR300M16 Shadow, GL-AR300M Shadow, GL-AR750 Creta, GL-AR750S-EXT Slate, GL-AX1800 Flint, GL-AXT1800 Slate AX, GL-B1300 Convexa-B, GL-B3000 Marble, GL-BE3600 Slate 7, GL-E750, GL-E750V2 Mudi, GL-MT300N-V2 Mango, GL-MT1300 Beryl, GL-MT2500 Brume 2, GL-MT3000 Beryl AX, GL-MT6000 Flint 2, GL-SFT1200 Opal, GL-X300B Collie, GL-X750 Spitz, GL-X3000 Spitz AX, GL-XE300 Puli and GL-XE3000 Puli AX 4.x wurde eine Schwachstelle ausgemacht. Sie wurde als problematisch eingestuft. Das betrifft eine unbekannte Funktionalit\u00e4t der Komponente API. Mit der Manipulation mit unbekannten Daten kann eine inefficient regular expression complexity-Schwachstelle ausgenutzt werden. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5.5,
"vectorString": "AV:A/AC:L/Au:S/C:N/I:N/A:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1333",
"description": "Inefficient Regular Expression Complexity",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-26T07:00:05.770Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-306286 | GL.iNet GL-A1300 Slate Plus API redos",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.306286"
},
{
"name": "VDB-306286 | CTI Indicators (IOB, IOC, TTP)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.306286"
},
{
"name": "Submit #524459 | glinet MT6000 /MT3000 /MT2500 /AXT1800 /AX1800 /B3000 /A1300 /X300B /X3000 /XE3000 /X750 /SFT1200 /MT1300 /E750 /XE300 /AR750 /AR750S / v4.x Large or infinite loop",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.524459"
},
{
"tags": [
"related"
],
"url": "https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Calling%20a%20special%20API%20that%20doesn\u0027t%20require%20login%20and%20passing%20in%20a%20special%20character%20parameter%20results%20in%20100%25%20CPU%20usage.md"
},
{
"tags": [
"patch"
],
"url": "https://www.gl-inet.com/security-updates/security-advisories-vulnerabilities-and-cves-apr-24-2025/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-04-26T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-04-26T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-04-26T08:38:01.000Z",
"value": "VulDB entry last update"
}
],
"title": "GL.iNet GL-A1300 Slate Plus API redos"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-2811",
"datePublished": "2025-04-26T07:00:05.770Z",
"dateReserved": "2025-03-26T12:11:36.452Z",
"dateUpdated": "2025-04-28T18:09:59.404Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}