This page lists the published CVEs affecting gl-inet gl-e750_firmware (associated through NVD CPE matching). Each row includes severity metrics, a summary, and the publication date.
| CVE | Summary | Source | Max CVSS | EPSS (%) | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2023-24261 | A vulnerability in GL.iNET GL-E750 Mudi before firmware v3.216 allows authenticated attackers to execute arbitrary code via a crafted POST request. | [email protected] | 7.2 | 6.58% | 2023-06-21 | 2024-12-06 |
| CVE-2023-31475 | An issue was discovered on GL.iNet devices before 3.216. The function guci2_get() found in libglutil.so has a buffer overflow when an item is requested from a UCI context, and the value is pasted into a char pointer to a buffer without checking the size of the buffer. | [email protected] | 9.8 | 22.11% | 2023-05-11 | 2025-01-27 |
| CVE-2023-31473 | An issue was discovered on GL.iNet devices before 3.216. There is an arbitrary file write in which an empty file can be created anywhere on the filesystem. This is caused by a command injection vulnerability with a filter applied. Through the software installation feature, it is possible to inject arbitrary parameters in a request to cause opkg to read an arbitrary file name while using root privileges. The -f option can be used with a configuration file. | [email protected] | 4.9 | 2.54% | 2023-05-11 | 2025-01-27 |
| CVE-2023-31477 | A path traversal issue was discovered on GL.iNet devices before 3.216. Through the file sharing feature, it is possible to share an arbitrary directory, such as /tmp or /etc, because there is no server-side restriction to limit sharing to the USB path. | [email protected] | 7.5 | 0.43% | 2023-05-11 | 2025-01-27 |
| CVE-2023-31471 | An issue was discovered on GL.iNet devices before 3.216. Through the software installation feature, it is possible to install arbitrary software, such as a reverse shell, because the restrictions on the available package list are limited to client-side verification. It is possible to install software from the filesystem, the package list, or a URL. | [email protected] | 9.8 | 0.56% | 2023-05-10 | 2025-01-27 |
| CVE-2023-31478 | An issue was discovered on GL.iNet devices before 3.216. An API endpoint reveals information about the Wi-Fi configuration, including the SSID and key. | [email protected] | 7.5 | 85.91% | 2023-05-09 | 2025-01-29 |
| CVE-2023-31474 | An issue was discovered on GL.iNet devices before 3.216. Through the software installation feature, it is possible to inject arbitrary parameters in a request to cause opkg to obtain a list of files in a specific directory, by using the regex feature in a package name. | [email protected] | 7.5 | 0.32% | 2023-05-09 | 2025-01-29 |
| CVE-2023-31472 | An issue was discovered on GL.iNet devices before 3.216. There is an arbitrary file write in which an empty file can be created anywhere on the filesystem. This is caused by a command injection vulnerability with a filter applied. | [email protected] | 7.5 | 26.62% | 2023-05-09 | 2025-01-29 |