An issue exists on GL.iNet devices prior to 3.216. There is an arbitrary file write in which an empty file can be created anywhere on the filesystem. This is caused by a command injection vulnerability with a filter applied. Through the software installation feature, it is possible to inject arbitrary parameters in a request to cause opkg to read an arbitrary file name while using root privileges. The -f option can be used with a configuration file.
Vulnerable Product |
---|
gl-inet gl-s20 firmware |
gl-inet gl-x3000 firmware |
gl-inet gl-mt3000 firmware |
gl-inet gl-mt2500 firmware |
gl-inet gl-mt2500a firmware |
gl-inet gl-axt1800 firmware |
gl-inet gl-a1300 firmware |
gl-inet gl-ax1800 firmware |
gl-inet gl-sft1200 firmware |
gl-inet gl-mt1300 firmware |
gl-inet gl-e750 firmware |
gl-inet gl-mv1000 firmware |
gl-inet gl-mv1000w firmware |
gl-inet gl-s10 firmware |
gl-inet gl-s200 firmware |
gl-inet gl-s1300 firmware |
gl-inet gl-sf1200 firmware |
gl-inet gl-b1300 firmware |
gl-inet gl-b2200 firmware |
gl-inet gl-ap1300 firmware |
gl-inet gl-ap1300lte firmware |
gl-inet gl-x1200 firmware |
gl-inet gl-x750 firmware |
gl-inet gl-x300b firmware |
gl-inet gl-xe300 firmware |
gl-inet gl-ar750s firmware |
gl-inet gl-ar750 firmware |
gl-inet gl-mifi firmware |
gl-inet gl-mt300n-v2 firmware |
gl-inet gl-ar300m firmware |
gl-inet gl-usb150 firmware |
gl-inet microuter-n300 firmware |