Published: 12/12/2023 Updated: 14/12/2023

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 0

In GL.iNET GL-AR300M routers with firmware v4.3.7, it is possible to inject arbitrary shell commands through a crafted package name in the package information functionality.

Vulnerable Product	Search on Vulmon	Subscribe to Product
gl-inet gl-ar300m_firmware 4.3.7

Check Point Reference: CPAI-2023-1574 Date Published: 13 Mar 2024 Severity: Critical ...

GLiNet AR300M versions 437 and below suffer from an OpenVPN client related remote code execution vulnerability ...

Exploits for GL.iNet CVE-2023-46454, CVE-2023-46455 and CVE-2023-46456

GLiNet Multiple Vulnerabilities This repository contains the exploits of the following vulnerabilities: CVE-2023-46454: In GLiNET GL-AR300M routers with firmware v437, it is possible to inject arbitrary shell commands through a crafted package name in the package information functionality CVE-2023-46455: In GLiNET GL-AR300M routers with firmware v437, it is possible to

CWE-78 https://cyberaz0r.info/2023/11/glinet-multiple-vulnerabilities/https://nvd.nist.gov https://github.com/cyberaz0r/GL.iNet-Multiple-Vulnerabilities https://packetstormsecurity.com/files/177400/GL.iNet-AR300M-4.3.7-Remote-Code-Execution.html https://advisories.checkpoint.com/defense/advisories/public/2024/cpai-2023-1574.html

CVE-2023-46454

Vulnerability Summary

Vendor Advisories

Exploits

Github Repositories

References

Vulmon Search

About

Products

Connect