← Back

Gl Axt1800 Firmware

gl-axt1800_firmware

Vendor: Gl Inet • 13 CVEs

CVEs (13)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2025-67089
1Gl Inet
1Gl Axt1800 Firmware
Jan 16, 2026
Jan 8, 2026
N/A· v4
8.1 HIGH· v3
N/A· v2
A command injection vulnerability exists in the GL-iNet GL-AXT1800 router firmware v4.6.8. The vulnerability is present in the `plugins.install_package` RPC method, which fails to properly sanitize user input in package...Show more
A command injection vulnerability exists in the GL-iNet GL-AXT1800 router firmware v4.6.8. The vulnerability is present in the `plugins.install_package` RPC method, which fails to properly sanitize user input in package names. Authenticated attackers can exploit this to execute arbitrary commands with root privilegesShow less
CVE-2023-50920
1Gl Inet
12Gl A1300 Firmware
Gl Ar300m FirmwareGl Ar750 Firmware+9 more
Jun 17, 2025
Jan 12, 2024
N/A· v4
5.5 MEDIUM· v3
N/A· v2
An issue was discovered on GL.iNet devices before version 4.5.0. They assign the same session ID after each user reboot, allowing attackers to share session identifiers between different sessions and bypass authenticatio...Show more
An issue was discovered on GL.iNet devices before version 4.5.0. They assign the same session ID after each user reboot, allowing attackers to share session identifiers between different sessions and bypass authentication or access control measures. Attackers can impersonate legitimate users or perform unauthorized actions. This affects A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000 4.4.6, MT2500 4.4.6, MT6000 4.5.0, MT1300 4.3.7, MT300N-V2 4.3.7, AR750S 4.3.7, AR750 4.3.7, AR300M 4.3.7, and B1300 4.3.7.Show less
CVE-2023-50919
1Gl Inet
12Gl A1300 Firmware
Gl Ar300m FirmwareGl Ar750 Firmware+9 more
Jun 3, 2025
Jan 12, 2024
N/A· v4
9.8 CRITICAL· v3
N/A· v2
An issue was discovered on GL.iNet devices before version 4.5.0. There is an NGINX authentication bypass via Lua string pattern matching. This affects A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000 4.4.6, MT2500 4.4.6,...Show more
An issue was discovered on GL.iNet devices before version 4.5.0. There is an NGINX authentication bypass via Lua string pattern matching. This affects A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000 4.4.6, MT2500 4.4.6, MT6000 4.5.0, MT1300 4.3.7, MT300N-V2 4.3.7, AR750S 4.3.7, AR750 4.3.7, AR300M 4.3.7, and B1300 4.3.7.Show less
CVE-2023-50921
1Gl Inet
12Gl A1300 Firmware
Gl Ar300m FirmwareGl Ar750 Firmware+9 more
Jun 18, 2025
Jan 3, 2024
N/A· v4
9.8 CRITICAL· v3
N/A· v2
An issue was discovered on GL.iNet devices through 4.5.0. Attackers can invoke the add_user interface in the system module to gain root privileges. This affects A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000 4.4.6, MT2...Show more
An issue was discovered on GL.iNet devices through 4.5.0. Attackers can invoke the add_user interface in the system module to gain root privileges. This affects A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000 4.4.6, MT2500 4.4.6, MT6000 4.5.0, MT1300 4.3.7, MT300N-V2 4.3.7, AR750S 4.3.7, AR750 4.3.7, AR300M 4.3.7, and B1300 4.3.7.Show less
CVE-2023-50922
1Gl Inet
12Gl A1300 Firmware
Gl Ar300m FirmwareGl Ar750 Firmware+9 more
Jun 3, 2025
Jan 3, 2024
N/A· v4
7.2 HIGH· v3
N/A· v2
An issue was discovered on GL.iNet devices through 4.5.0. Attackers who are able to steal the AdminToken cookie can execute arbitrary code by uploading a crontab-formatted file to a specific directory and waiting for its...Show more
An issue was discovered on GL.iNet devices through 4.5.0. Attackers who are able to steal the AdminToken cookie can execute arbitrary code by uploading a crontab-formatted file to a specific directory and waiting for its execution. This affects A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000 4.4.6, MT2500 4.4.6, MT6000 4.5.0, MT1300 4.3.7, MT300N-V2 4.3.7, AR750S 4.3.7, AR750 4.3.7, AR300M 4.3.7, and B1300 4.3.7.Show less
CVE-2023-50445
1Gl Inet
12Gl A1300 Firmware
Gl Ar300m FirmwareGl Ar750 Firmware+9 more
Nov 21, 2024
Dec 28, 2023
N/A· v4
7.8 HIGH· v3
N/A· v2
Shell Injection vulnerability GL.iNet A1300 v4.4.6, AX1800 v4.4.6, AXT1800 v4.4.6, MT3000 v4.4.6, MT2500 v4.4.6, MT6000 v4.5.0, MT1300 v4.3.7, MT300N-V2 v4.3.7, AR750S v4.3.7, AR750 v4.3.7, AR300M v4.3.7, and B1300 v4.3....Show more
Shell Injection vulnerability GL.iNet A1300 v4.4.6, AX1800 v4.4.6, AXT1800 v4.4.6, MT3000 v4.4.6, MT2500 v4.4.6, MT6000 v4.5.0, MT1300 v4.3.7, MT300N-V2 v4.3.7, AR750S v4.3.7, AR750 v4.3.7, AR300M v4.3.7, and B1300 v4.3.7., allows local attackers to execute arbitrary code via the get_system_log and get_crash_log functions of the logread module, as well as the upgrade_online function of the upgrade module.Show less
CVE-2023-31475
1Gl Inet
32Gl A1300 Firmware
Gl Ap1300 FirmwareGl Ap1300lte Firmware+29 more
Jan 27, 2025
May 11, 2023
N/A· v4
9.8 CRITICAL· v3
N/A· v2
An issue was discovered on GL.iNet devices before 3.216. The function guci2_get() found in libglutil.so has a buffer overflow when an item is requested from a UCI context, and the value is pasted into a char pointer to a...Show more
An issue was discovered on GL.iNet devices before 3.216. The function guci2_get() found in libglutil.so has a buffer overflow when an item is requested from a UCI context, and the value is pasted into a char pointer to a buffer without checking the size of the buffer.Show less
CVE-2023-31473
1Gl Inet
32Gl A1300 Firmware
Gl Ap1300 FirmwareGl Ap1300lte Firmware+29 more
Jan 27, 2025
May 11, 2023
N/A· v4
4.9 MEDIUM· v3
N/A· v2
An issue was discovered on GL.iNet devices before 3.216. There is an arbitrary file write in which an empty file can be created anywhere on the filesystem. This is caused by a command injection vulnerability with a filte...Show more
An issue was discovered on GL.iNet devices before 3.216. There is an arbitrary file write in which an empty file can be created anywhere on the filesystem. This is caused by a command injection vulnerability with a filter applied. Through the software installation feature, it is possible to inject arbitrary parameters in a request to cause opkg to read an arbitrary file name while using root privileges. The -f option can be used with a configuration file.Show less
CVE-2023-31477
1Gl Inet
32Gl A1300 Firmware
Gl Ap1300 FirmwareGl Ap1300lte Firmware+29 more
Jan 27, 2025
May 11, 2023
N/A· v4
7.5 HIGH· v3
N/A· v2
A path traversal issue was discovered on GL.iNet devices before 3.216. Through the file sharing feature, it is possible to share an arbitrary directory, such as /tmp or /etc, because there is no server-side restriction t...Show more
A path traversal issue was discovered on GL.iNet devices before 3.216. Through the file sharing feature, it is possible to share an arbitrary directory, such as /tmp or /etc, because there is no server-side restriction to limit sharing to the USB path.Show less
CVE-2023-31471
1Gl Inet
32Gl A1300 Firmware
Gl Ap1300 FirmwareGl Ap1300lte Firmware+29 more
Jan 27, 2025
May 10, 2023
N/A· v4
9.8 CRITICAL· v3
N/A· v2
An issue was discovered on GL.iNet devices before 3.216. Through the software installation feature, it is possible to install arbitrary software, such as a reverse shell, because the restrictions on the available package...Show more
An issue was discovered on GL.iNet devices before 3.216. Through the software installation feature, it is possible to install arbitrary software, such as a reverse shell, because the restrictions on the available package list are limited to client-side verification. It is possible to install software from the filesystem, the package list, or a URL.Show less
CVE-2023-31478
1Gl Inet
32Gl A1300 Firmware
Gl Ap1300 FirmwareGl Ap1300lte Firmware+29 more
Jan 29, 2025
May 9, 2023
N/A· v4
7.5 HIGH· v3
N/A· v2
An issue was discovered on GL.iNet devices before 3.216. An API endpoint reveals information about the Wi-Fi configuration, including the SSID and key.
CVE-2023-31474
1Gl Inet
32Gl A1300 Firmware
Gl Ap1300 FirmwareGl Ap1300lte Firmware+29 more
Jan 29, 2025
May 9, 2023
N/A· v4
7.5 HIGH· v3
N/A· v2
An issue was discovered on GL.iNet devices before 3.216. Through the software installation feature, it is possible to inject arbitrary parameters in a request to cause opkg to obtain a list of files in a specific directo...Show more
An issue was discovered on GL.iNet devices before 3.216. Through the software installation feature, it is possible to inject arbitrary parameters in a request to cause opkg to obtain a list of files in a specific directory, by using the regex feature in a package name.Show less
CVE-2023-31472
1Gl Inet
32Gl A1300 Firmware
Gl Ap1300 FirmwareGl Ap1300lte Firmware+29 more
Jan 29, 2025
May 9, 2023
N/A· v4
7.5 HIGH· v3
N/A· v2
An issue was discovered on GL.iNet devices before 3.216. There is an arbitrary file write in which an empty file can be created anywhere on the filesystem. This is caused by a command injection vulnerability with a filte...Show more
An issue was discovered on GL.iNet devices before 3.216. There is an arbitrary file write in which an empty file can be created anywhere on the filesystem. This is caused by a command injection vulnerability with a filter applied.Show less