Home/Product/gl inet gl mt3000 firmware
Product

gl inet gl mt3000 firmware

13 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2023-50920
all versions
An issue was discovered on GL.iNet devices before version 4.5.0. They assign the same session ID after each user reboot, allowing
5.5MEDIUM
 CVE-2023-50919
all versions
An issue was discovered on GL.iNet devices before version 4.5.0. There is an NGINX authentication bypass via Lua string pattern ma
9.8CRITICAL
 CVE-2023-50921
all versions
An issue was discovered on GL.iNet devices through 4.5.0. Attackers can invoke the add_user interface in the system module to gain
9.8CRITICAL
 CVE-2023-50922
all versions
An issue was discovered on GL.iNet devices through 4.5.0. Attackers who are able to steal the AdminToken cookie can execute arbitr
7.2HIGH
 CVE-2023-50445
all versions
Shell Injection vulnerability GL.iNet A1300 v4.4.6, AX1800 v4.4.6, AXT1800 v4.4.6, MT3000 v4.4.6, MT2500 v4.4.6, MT6000 v4.5.0, MT
7.8HIGH
 CVE-2023-31475
< 3.216
An issue was discovered on GL.iNet devices before 3.216. The function guci2_get() found in libglutil.so has a buffer overflow when
9.8CRITICAL
 CVE-2023-31473
< 3.216
An issue was discovered on GL.iNet devices before 3.216. There is an arbitrary file write in which an empty file can be created an
4.9MEDIUM
 CVE-2023-31477
< 3.216
A path traversal issue was discovered on GL.iNet devices before 3.216. Through the file sharing feature, it is possible to share a
7.5HIGH
 CVE-2023-31471
< 3.216
An issue was discovered on GL.iNet devices before 3.216. Through the software installation feature, it is possible to install arbi
9.8CRITICAL
 CVE-2023-31478
< 3.216
An issue was discovered on GL.iNet devices before 3.216. An API endpoint reveals information about the Wi-Fi configuration, includ
7.5HIGH
 CVE-2023-31474
< 3.216
An issue was discovered on GL.iNet devices before 3.216. Through the software installation feature, it is possible to inject arbit
7.5HIGH
 CVE-2023-31472
< 3.216
An issue was discovered on GL.iNet devices before 3.216. There is an arbitrary file write in which an empty file can be created an
7.5HIGH
 CVE-2023-29778
all versions
GL.iNET MT3000 4.1.0 Release 2 is vulnerable to OS Command Injection via /usr/lib/oui-httpd/rpc/logread.
9.8CRITICAL
SOC and Response
CVE triage
Stack monitoring
Am I affected
IOC triage
KEV catalog
Recently exploited
Daily brief
Change tracking
Detection Engineering
Coverage workspace
Detection coverage
Coverage check
Telemetry ceiling
SIEM query builder
Sigma rules
SIEM rules
YARA rules
Network rules
D3FEND
Threat Hunting
Threat actors
ATT&CK techniques
Attack paths
Indicators
Atomic tests
Red Team and Pentest
Exploitability triage
Recon pack
Attack paths
CAPEC patterns
Adversary emulation
Compliance and GRC
Framework mapping
Control assessment
Audit view
Coverage report
Atlas Search Threat actors Techniques Tools & malware CWE CAPEC KEV catalog Package vulns
About All capabilities Pricing API docs Live status Privacy policy Terms of service
threatengine.sh