PatchSiren

GL.iNet CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM GL.iNet CVE published 2026-06-07

CVE-2026-11452

A command injection vulnerability has been discovered in GL.iNet GL-MT3000 up to 4.4.5. The vulnerability affects the SET_USER_PWD Handler in the /cgi-bin/glc file, specifically in the FUN_0042e200 function. The manipulation of the Password argument leads to command injection, allowing remote attackers to execute arbitrary commands. The vulnerability has a CVSS score of 6.9 and is classified as MEDIUM sev [truncated]

MEDIUM GL.iNet CVE published 2026-06-07

CVE-2026-11451

A vulnerability was discovered in GL.iNet GL-MT3000 version 4.4.5. The issue lies in the snprintf function of the /cgi-bin/glc file within the FTP Protocol Handler component. An attacker can exploit this by manipulating the media_dir argument, leading to command injection. This attack can be launched remotely. The vulnerability has a CVSS score of 6.9 and is classified as MEDIUM severity. The issue is res [truncated]

MEDIUM GL.iNet CVE published 2026-06-07

CVE-2026-11450

A command injection vulnerability was detected in GL.iNet GL-MT3000 version 4.4.5. This vulnerability affects the function dlopen in the library /usr/lib/oui-httpd/rpc/ of the component Path Normalization Handler. An attacker can manipulate the argument dev_name to inject commands, allowing for a remote attack. The vulnerability has a CVSS score of 6.9 and is classified as MEDIUM severity. Upgrading to ve [truncated]

MEDIUM GL.iNet CVE published 2026-06-07

CVE-2026-11448

A weakness has been identified in GL.iNet GL-MT3000 up to 4.4.5. The affected element is the function realpath of the file /rpc of the component Minidlna Service. Manipulation of the argument kube. set causes command injection. The attack can be carried out remotely. Upgrading to version 4.7 is sufficient to fix this issue. It is recommended to upgrade the affected component. The vendor co [truncated]

LOW GL.iNet CVE published 2026-06-06

CVE-2026-11406

A vulnerability was identified in GL.iNet MT3000 up to 4.4.5. It affects unknown code in the file ovpnclient.sh of the component OpenVPN Client Import Workflow. The manipulation leads to command injection. Remote exploitation is possible. The exploit has been publicly disclosed and may be used. Upgrading to version 4.9.0_beta3-1012-0513-1778656146 is able to resolve this i [truncated]