Product:

Gl\-Ar300m_firmware

(Gl\-Inet)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 15
Date Id Summary Products Score Patch Annotated
2024-01-03 CVE-2023-50921 An issue was discovered on GL.iNet devices through 4.5.0. Attackers can invoke the add_user interface in the system module to gain root privileges. This affects A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000 4.4.6, MT2500 4.4.6, MT6000 4.5.0, MT1300 4.3.7, MT300N-V2 4.3.7, AR750S 4.3.7, AR750 4.3.7, AR300M 4.3.7, and B1300 4.3.7. Gl\-A1300_firmware, Gl\-Ar300m_firmware, Gl\-Ar750_firmware, Gl\-Ar750s_firmware, Gl\-Ax1800_firmware, Gl\-Axt1800_firmware, Gl\-B1300_firmware, Gl\-Mt1300_firmware, Gl\-Mt2500_firmware, Gl\-Mt3000_firmware, Gl\-Mt300n\-V2_firmware, Gl\-Mt6000_firmware 9.8
2023-12-12 CVE-2023-46456 In GL.iNET GL-AR300M routers with firmware 3.216 it is possible to inject arbitrary shell commands through the OpenVPN client file upload functionality. Gl\-Ar300m_firmware 9.8
2023-12-12 CVE-2023-46454 In GL.iNET GL-AR300M routers with firmware v4.3.7, it is possible to inject arbitrary shell commands through a crafted package name in the package information functionality. Gl\-Ar300m_firmware 9.8
2023-05-11 CVE-2023-31475 An issue was discovered on GL.iNet devices before 3.216. The function guci2_get() found in libglutil.so has a buffer overflow when an item is requested from a UCI context, and the value is pasted into a char pointer to a buffer without checking the size of the buffer. Gl\-A1300_firmware, Gl\-Ap1300_firmware, Gl\-Ap1300lte_firmware, Gl\-Ar300m_firmware, Gl\-Ar750_firmware, Gl\-Ar750s_firmware, Gl\-Ax1800_firmware, Gl\-Axt1800_firmware, Gl\-B1300_firmware, Gl\-B2200_firmware, Gl\-E750_firmware, Gl\-Mifi_firmware, Gl\-Mt1300_firmware, Gl\-Mt2500_firmware, Gl\-Mt2500a_firmware, Gl\-Mt3000_firmware, Gl\-Mt300n\-V2_firmware, Gl\-Mv1000_firmware, Gl\-Mv1000w_firmware, Gl\-S10_firmware, Gl\-S1300_firmware, Gl\-S200_firmware, Gl\-S20_firmware, Gl\-Sf1200_firmware, Gl\-Sft1200_firmware, Gl\-Usb150_firmware, Gl\-X1200_firmware, Gl\-X3000_firmware, Gl\-X300b_firmware, Gl\-X750_firmware, Gl\-Xe300_firmware, Microuter\-N300_firmware 9.8
2023-05-11 CVE-2023-31473 An issue was discovered on GL.iNet devices before 3.216. There is an arbitrary file write in which an empty file can be created anywhere on the filesystem. This is caused by a command injection vulnerability with a filter applied. Through the software installation feature, it is possible to inject arbitrary parameters in a request to cause opkg to read an arbitrary file name while using root privileges. The -f option can be used with a configuration file. Gl\-A1300_firmware, Gl\-Ap1300_firmware, Gl\-Ap1300lte_firmware, Gl\-Ar300m_firmware, Gl\-Ar750_firmware, Gl\-Ar750s_firmware, Gl\-Ax1800_firmware, Gl\-Axt1800_firmware, Gl\-B1300_firmware, Gl\-B2200_firmware, Gl\-E750_firmware, Gl\-Mifi_firmware, Gl\-Mt1300_firmware, Gl\-Mt2500_firmware, Gl\-Mt2500a_firmware, Gl\-Mt3000_firmware, Gl\-Mt300n\-V2_firmware, Gl\-Mv1000_firmware, Gl\-Mv1000w_firmware, Gl\-S10_firmware, Gl\-S1300_firmware, Gl\-S200_firmware, Gl\-S20_firmware, Gl\-Sf1200_firmware, Gl\-Sft1200_firmware, Gl\-Usb150_firmware, Gl\-X1200_firmware, Gl\-X3000_firmware, Gl\-X300b_firmware, Gl\-X750_firmware, Gl\-Xe300_firmware, Microuter\-N300_firmware 4.9
2023-05-10 CVE-2023-31471 An issue was discovered on GL.iNet devices before 3.216. Through the software installation feature, it is possible to install arbitrary software, such as a reverse shell, because the restrictions on the available package list are limited to client-side verification. It is possible to install software from the filesystem, the package list, or a URL. Gl\-A1300_firmware, Gl\-Ap1300_firmware, Gl\-Ap1300lte_firmware, Gl\-Ar300m_firmware, Gl\-Ar750_firmware, Gl\-Ar750s_firmware, Gl\-Ax1800_firmware, Gl\-Axt1800_firmware, Gl\-B1300_firmware, Gl\-B2200_firmware, Gl\-E750_firmware, Gl\-Mifi_firmware, Gl\-Mt1300_firmware, Gl\-Mt2500_firmware, Gl\-Mt2500a_firmware, Gl\-Mt3000_firmware, Gl\-Mt300n\-V2_firmware, Gl\-Mv1000_firmware, Gl\-Mv1000w_firmware, Gl\-S10_firmware, Gl\-S1300_firmware, Gl\-S200_firmware, Gl\-S20_firmware, Gl\-Sf1200_firmware, Gl\-Sft1200_firmware, Gl\-Usb150_firmware, Gl\-X1200_firmware, Gl\-X3000_firmware, Gl\-X300b_firmware, Gl\-X750_firmware, Gl\-Xe300_firmware, Microuter\-N300_firmware 9.8
2023-05-11 CVE-2023-31477 A path traversal issue was discovered on GL.iNet devices before 3.216. Through the file sharing feature, it is possible to share an arbitrary directory, such as /tmp or /etc, because there is no server-side restriction to limit sharing to the USB path. Gl\-A1300_firmware, Gl\-Ap1300_firmware, Gl\-Ap1300lte_firmware, Gl\-Ar300m_firmware, Gl\-Ar750_firmware, Gl\-Ar750s_firmware, Gl\-Ax1800_firmware, Gl\-Axt1800_firmware, Gl\-B1300_firmware, Gl\-B2200_firmware, Gl\-E750_firmware, Gl\-Mifi_firmware, Gl\-Mt1300_firmware, Gl\-Mt2500_firmware, Gl\-Mt2500a_firmware, Gl\-Mt3000_firmware, Gl\-Mt300n\-V2_firmware, Gl\-Mv1000_firmware, Gl\-Mv1000w_firmware, Gl\-S10_firmware, Gl\-S1300_firmware, Gl\-S200_firmware, Gl\-S20_firmware, Gl\-Sf1200_firmware, Gl\-Sft1200_firmware, Gl\-Usb150_firmware, Gl\-X1200_firmware, Gl\-X3000_firmware, Gl\-X300b_firmware, Gl\-X750_firmware, Gl\-Xe300_firmware, Microuter\-N300_firmware 7.5
2023-05-09 CVE-2023-31478 An issue was discovered on GL.iNet devices before 3.216. An API endpoint reveals information about the Wi-Fi configuration, including the SSID and key. Gl\-A1300_firmware, Gl\-Ap1300_firmware, Gl\-Ap1300lte_firmware, Gl\-Ar300m_firmware, Gl\-Ar750_firmware, Gl\-Ar750s_firmware, Gl\-Ax1800_firmware, Gl\-Axt1800_firmware, Gl\-B1300_firmware, Gl\-B2200_firmware, Gl\-E750_firmware, Gl\-Mifi_firmware, Gl\-Mt1300_firmware, Gl\-Mt2500_firmware, Gl\-Mt2500a_firmware, Gl\-Mt3000_firmware, Gl\-Mt300n\-V2_firmware, Gl\-Mv1000_firmware, Gl\-Mv1000w_firmware, Gl\-S10_firmware, Gl\-S1300_firmware, Gl\-S200_firmware, Gl\-S20_firmware, Gl\-Sf1200_firmware, Gl\-Sft1200_firmware, Gl\-Usb150_firmware, Gl\-X1200_firmware, Gl\-X3000_firmware, Gl\-X300b_firmware, Gl\-X750_firmware, Gl\-Xe300_firmware, Microuter\-N300_firmware 7.5
2023-05-09 CVE-2023-31472 An issue was discovered on GL.iNet devices before 3.216. There is an arbitrary file write in which an empty file can be created anywhere on the filesystem. This is caused by a command injection vulnerability with a filter applied. Gl\-A1300_firmware, Gl\-Ap1300_firmware, Gl\-Ap1300lte_firmware, Gl\-Ar300m_firmware, Gl\-Ar750_firmware, Gl\-Ar750s_firmware, Gl\-Ax1800_firmware, Gl\-Axt1800_firmware, Gl\-B1300_firmware, Gl\-B2200_firmware, Gl\-E750_firmware, Gl\-Mifi_firmware, Gl\-Mt1300_firmware, Gl\-Mt2500_firmware, Gl\-Mt2500a_firmware, Gl\-Mt3000_firmware, Gl\-Mt300n\-V2_firmware, Gl\-Mv1000_firmware, Gl\-Mv1000w_firmware, Gl\-S10_firmware, Gl\-S1300_firmware, Gl\-S200_firmware, Gl\-S20_firmware, Gl\-Sf1200_firmware, Gl\-Sft1200_firmware, Gl\-Usb150_firmware, Gl\-X1200_firmware, Gl\-X3000_firmware, Gl\-X300b_firmware, Gl\-X750_firmware, Gl\-Xe300_firmware, Microuter\-N300_firmware 7.5
2023-05-09 CVE-2023-31474 An issue was discovered on GL.iNet devices before 3.216. Through the software installation feature, it is possible to inject arbitrary parameters in a request to cause opkg to obtain a list of files in a specific directory, by using the regex feature in a package name. Gl\-A1300_firmware, Gl\-Ap1300_firmware, Gl\-Ap1300lte_firmware, Gl\-Ar300m_firmware, Gl\-Ar750_firmware, Gl\-Ar750s_firmware, Gl\-Ax1800_firmware, Gl\-Axt1800_firmware, Gl\-B1300_firmware, Gl\-B2200_firmware, Gl\-E750_firmware, Gl\-Mifi_firmware, Gl\-Mt1300_firmware, Gl\-Mt2500_firmware, Gl\-Mt2500a_firmware, Gl\-Mt3000_firmware, Gl\-Mt300n\-V2_firmware, Gl\-Mv1000_firmware, Gl\-Mv1000w_firmware, Gl\-S10_firmware, Gl\-S1300_firmware, Gl\-S200_firmware, Gl\-S20_firmware, Gl\-Sf1200_firmware, Gl\-Sft1200_firmware, Gl\-Usb150_firmware, Gl\-X1200_firmware, Gl\-X3000_firmware, Gl\-X300b_firmware, Gl\-X750_firmware, Gl\-Xe300_firmware, Microuter\-N300_firmware 7.5