An issue exists on GL.iNet devices prior to 3.216. The function guci2_get() found in libglutil.so has a buffer overflow when an item is requested from a UCI context, and the value is pasted into a char pointer to a buffer without checking the size of the buffer.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
gl-inet gl-s20_firmware |
||
gl-inet gl-x3000_firmware |
||
gl-inet gl-mt3000_firmware |
||
gl-inet gl-mt2500_firmware |
||
gl-inet gl-mt2500a_firmware |
||
gl-inet gl-axt1800_firmware |
||
gl-inet gl-a1300_firmware |
||
gl-inet gl-ax1800_firmware |
||
gl-inet gl-sft1200_firmware |
||
gl-inet gl-mt1300_firmware |
||
gl-inet gl-e750_firmware |
||
gl-inet gl-mv1000_firmware |
||
gl-inet gl-mv1000w_firmware |
||
gl-inet gl-s10_firmware |
||
gl-inet gl-s200_firmware |
||
gl-inet gl-s1300_firmware |
||
gl-inet gl-sf1200_firmware |
||
gl-inet gl-b1300_firmware |
||
gl-inet gl-b2200_firmware |
||
gl-inet gl-ap1300_firmware |
||
gl-inet gl-ap1300lte_firmware |
||
gl-inet gl-x1200_firmware |
||
gl-inet gl-x750_firmware |
||
gl-inet gl-x300b_firmware |
||
gl-inet gl-xe300_firmware |
||
gl-inet gl-ar750s_firmware |
||
gl-inet gl-ar750_firmware |
||
gl-inet gl-mifi_firmware |
||
gl-inet gl-mt300n-v2_firmware |
||
gl-inet gl-ar300m_firmware |
||
gl-inet gl-usb150_firmware |
||
gl-inet microuter-n300_firmware |
Vulmon