In GL.iNET GL-AR300M routers with firmware v4.3.7, it is possible to inject arbitrary shell commands through a crafted package name in the package information functionality.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
gl-inet gl-ar300m_firmware 4.3.7 |