Gl Inet: community verdicts
3 notable / known-exploited Gl Inet CVEs the community has triaged.
ⓘ Not an exhaustive list: we focus on the findings that matter (exploited / notable). For every Gl Inet CVE, see NVD ↗.
- CVE-2023-29778CRIT 9.8EPSS 18%
GL.iNET MT3000 4.1.0 Release 2 is vulnerable to OS Command Injection via /usr/lib/oui-httpd/rpc/logread.
- CVE-2023-33621MED 5.9EPSS 1%
GL.iNET GL-AR750S-Ext firmware v3.215 inserts the admin authentication token into a GET request when the OpenVPN Server config file is downloaded. The token is then left in the browser history or access logs, potentially allowing attackers to bypass authentication via session replay.
- CVE-2023-33620MED 5.9EPSS 1%
GL.iNET GL-AR750S-Ext firmware v3.215 uses an insecure protocol in its communications which allows attackers to eavesdrop via a man-in-the-middle attack.