In GL.iNET GL-AR300M routers with firmware 3.216 it is possible to inject arbitrary shell commands through the OpenVPN client file upload functionality.
Exploits for GL.iNet CVE-2023-46454, CVE-2023-46455 and CVE-2023-46456
GLiNet Multiple Vulnerabilities
This repository contains the exploits of the following vulnerabilities:
CVE-2023-46454: In GLiNET GL-AR300M routers with firmware v437, it is possible to inject arbitrary shell commands through a crafted package name in the package information functionality
CVE-2023-46455: In GLiNET GL-AR300M routers with firmware v437, it is possible to