Aggregates CVE and security vulnerability intelligence across all mitrastar-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk command injection and related security problems, affecting vendor surface automated decompression, vendor surface archive handling, and vendor surface file processing scenarios.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2023-33381 | A command injection vulnerability was found in the ping functionality of the MitraStar GPT-2741GNAC router (firmware version AR_g5.8_110WVN0b7_2). The vulnerability allows an authenticated user to execute arbitrary OS commands by sending specially crafted input to the router via the ping function. | [email protected] | 7.2 | 59.75% | 2023-06-06 | 2025-01-08 |
| CVE-2023-30065 | MitraStar GPT-2741GNAC-N2 with firmware BR_g5.9_1.11(WVK.0)b32 was discovered to contain a remote code execution (RCE) vulnerability in the ping function. | [email protected] | 8.8 | 2.42% | 2023-05-05 | 2025-01-29 |
| CVE-2021-42165 | MitraStar GPT-2541GNAC-N1 (HGU) 100VNZ0b33 devices allow remote authenticated users to obtain root access by executing command "deviceinfo show file &&/bin/bash" because of incorrect sanitization of parameter "path". | [email protected] | 8.8 | 39.55% | 2022-05-03 | 2024-11-21 |
| CVE-2017-16523 | MitraStar GPT-2541GNAC (HGU) 1.00(VNJ0)b1 and DSL-100HN-T1 ES_113WJY0b16 devices have a zyad1234 password for the zyad1234 account, which is equivalent to root and undocumented. | [email protected] | 9.8 | 2.91% | 2017-11-03 | 2026-05-13 |
| CVE-2017-16522 | MitraStar GPT-2541GNAC (HGU) 1.00(VNJ0)b1 and DSL-100HN-T1 ES_113WJY0b16 devices allow remote authenticated users to obtain root access by specifying /bin/sh as the command to execute. | [email protected] | 8.8 | 1.62% | 2017-11-03 | 2026-05-13 |