gl-inet GL-MT300N-V2 Mango v3.212 and GL-AX1800 Flint v3.214 were discovered to contain multiple command injection vulnerabilities via the ping_addr and trace_addr function parameters.
References
Link | Resource |
---|---|
https://boschko.ca/glinet-router | Exploit Third Party Advisory |
Configurations
History
01 Nov 2022, 12:56
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.8 |
31 Oct 2022, 15:48
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:h:gl-inet:gl-mt300n-v2:-:*:*:*:*:*:*:* cpe:2.3:o:gl-inet:gl-ax1800_firmware:3.214:*:*:*:*:*:*:* cpe:2.3:o:gl-inet:gl-mt300n-v2_firmware:3.212:*:*:*:*:*:*:* cpe:2.3:h:gl-inet:gl-ax1800:-:*:*:*:*:*:*:* |
|
CWE | CWE-78 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
First Time |
Gl-inet gl-mt300n-v2 Firmware
Gl-inet gl-ax1800 Gl-inet gl-ax1800 Firmware Gl-inet gl-mt300n-v2 Gl-inet |
|
References | (MISC) https://boschko.ca/glinet-routerĀ - Exploit, Third Party Advisory |
27 Oct 2022, 18:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-10-27 18:15
Updated : 2023-12-10 14:35
NVD link : CVE-2022-31898
Mitre link : CVE-2022-31898
CVE.ORG link : CVE-2022-31898
JSON object : View
Products Affected
gl-inet
- gl-ax1800_firmware
- gl-mt300n-v2
- gl-mt300n-v2_firmware
- gl-ax1800
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')