Published: 12/12/2023 Updated: 14/12/2023

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 0

In GL.iNET GL-AR300M routers with firmware v4.3.7 it is possible to write arbitrary files through a path traversal attack in the OpenVPN client file upload functionality.

Vulnerable Product	Search on Vulmon	Subscribe to Product
gl-inet gl-ar300m_firmware 4.3.7

Check Point Reference: CPAI-2023-1479 Date Published: 22 Jan 2024 Severity: High ...

GLiNet AR300M versions 437 and below suffer from an arbitrary file writing vulnerability ...

Exploits for GL.iNet CVE-2023-46454, CVE-2023-46455 and CVE-2023-46456

GLiNet Multiple Vulnerabilities This repository contains the exploits of the following vulnerabilities: CVE-2023-46454: In GLiNET GL-AR300M routers with firmware v437, it is possible to inject arbitrary shell commands through a crafted package name in the package information functionality CVE-2023-46455: In GLiNET GL-AR300M routers with firmware v437, it is possible to

CWE-22 https://www.gl-inet.com/https://cyberaz0r.info/2023/11/glinet-multiple-vulnerabilities/https://nvd.nist.gov https://github.com/cyberaz0r/GL.iNet-Multiple-Vulnerabilities https://packetstormsecurity.com/files/177399/GL.iNet-AR300M-4.3.7-Arbitrary-File-Write.html https://advisories.checkpoint.com/defense/advisories/public/2024/cpai-2023-1479.html

CVE-2023-46455

Vulnerability Summary

Vendor Advisories

Exploits

Github Repositories

References

Vulmon Search

About

Products

Connect