2023-05-09
|
CVE-2023-31472
|
An issue was discovered on GL.iNet devices before 3.216. There is an arbitrary file write in which an empty file can be created anywhere on the filesystem. This is caused by a command injection vulnerability with a filter applied.
|
Gl\-A1300_firmware, Gl\-Ap1300_firmware, Gl\-Ap1300lte_firmware, Gl\-Ar300m_firmware, Gl\-Ar750_firmware, Gl\-Ar750s_firmware, Gl\-Ax1800_firmware, Gl\-Axt1800_firmware, Gl\-B1300_firmware, Gl\-B2200_firmware, Gl\-E750_firmware, Gl\-Mifi_firmware, Gl\-Mt1300_firmware, Gl\-Mt2500_firmware, Gl\-Mt2500a_firmware, Gl\-Mt3000_firmware, Gl\-Mt300n\-V2_firmware, Gl\-Mv1000_firmware, Gl\-Mv1000w_firmware, Gl\-S10_firmware, Gl\-S1300_firmware, Gl\-S200_firmware, Gl\-S20_firmware, Gl\-Sf1200_firmware, Gl\-Sft1200_firmware, Gl\-Usb150_firmware, Gl\-X1200_firmware, Gl\-X3000_firmware, Gl\-X300b_firmware, Gl\-X750_firmware, Gl\-Xe300_firmware, Microuter\-N300_firmware
|
7.5
|
|
|
2023-05-09
|
CVE-2023-31474
|
An issue was discovered on GL.iNet devices before 3.216. Through the software installation feature, it is possible to inject arbitrary parameters in a request to cause opkg to obtain a list of files in a specific directory, by using the regex feature in a package name.
|
Gl\-A1300_firmware, Gl\-Ap1300_firmware, Gl\-Ap1300lte_firmware, Gl\-Ar300m_firmware, Gl\-Ar750_firmware, Gl\-Ar750s_firmware, Gl\-Ax1800_firmware, Gl\-Axt1800_firmware, Gl\-B1300_firmware, Gl\-B2200_firmware, Gl\-E750_firmware, Gl\-Mifi_firmware, Gl\-Mt1300_firmware, Gl\-Mt2500_firmware, Gl\-Mt2500a_firmware, Gl\-Mt3000_firmware, Gl\-Mt300n\-V2_firmware, Gl\-Mv1000_firmware, Gl\-Mv1000w_firmware, Gl\-S10_firmware, Gl\-S1300_firmware, Gl\-S200_firmware, Gl\-S20_firmware, Gl\-Sf1200_firmware, Gl\-Sft1200_firmware, Gl\-Usb150_firmware, Gl\-X1200_firmware, Gl\-X3000_firmware, Gl\-X300b_firmware, Gl\-X750_firmware, Gl\-Xe300_firmware, Microuter\-N300_firmware
|
7.5
|
|
|