gl-inet

Top products

The 15 most recently published vulnerabilities affecting gl-inet.

• CVE-2026-32293GL-iNet Comet (GL-RM1) KVM insufficient certificate validation3.7Mar 17, 2026
• CVE-2026-32292GL-iNet Comet (GL-RM1) KVM insufficient login rate-limiting7.5Mar 17, 2026
• CVE-2026-32291GL-iNet Comet (GL-RM1) KVM unauthenticated root access via UART serial console6.8Mar 17, 2026
• CVE-2026-32290GL-iNet Comet (GL-RM1) KVM insufficient firmware verification4.7Mar 17, 2026
• CVE-2026-26795GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulnerability via the module parameter in the M.get_system_log function. This vulnerability allows attackers to execute arb...9.8Mar 12, 2026
• CVE-2026-26794GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a SQL injection vulnerability via the add_group() function. This vulnerability allows attackers to execute arbitrary SQL database operations vi...8.8Mar 12, 2026
• CVE-2026-26793GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulnerability via the set_config function. This vulnerability allows attackers to execute arbitrary commands via a crafted ...9.8Mar 12, 2026
• CVE-2026-26792GL-iNet GL-AR300M16 v4.3.11 was discovered to contain multiple command injection vulnerabilities in the set_upgrade function via the modem_url, target_version, current_version, firmware_upload, has...9.8Mar 12, 2026
• CVE-2026-26791GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulnerability via the string port parameter in the enable_echo_server function. This vulnerability allows attackers to exec...9.8Mar 12, 2026
• CVE-2025-67091An issue in GL Inet GL.Inet AX1800 Version 4.6.4 & 4.6.8 are vulnerable. GL.Inet AX1800 Version 4.6.4 & 4.6.8 in the GL.iNet custom opkg wrapper script located at /usr/libexec/opkg-call. The script...6.5Jan 8, 2026
• CVE-2025-67090The LuCI web interface on Gl Inet GL.Inet AX1800 Version 4.6.4 & 4.6.8 are vulnerable. Fix available in version 4.8.2 GL.Inet AX1800 Version 4.6.4 & 4.6.8 lacks rate limiting or account lockout mec...5.1Jan 8, 2026
• CVE-2025-67089A command injection vulnerability exists in the GL-iNet GL-AXT1800 router firmware v4.6.8. The vulnerability is present in the `plugins.install_package` RPC method, which fails to properly sanitize...8.1Jan 8, 2026
• CVE-2025-44018A firmware downgrade vulnerability exists in the OTA Update functionality of GL-Inet GL-AXT1800 4.7.0. A specially crafted .tar file can lead to a firmware downgrade. An attacker can perform a man-...8.3Nov 24, 2025
• CVE-2024-45263An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. The upload interface allows the uploading of arbitrary files to the device. Once the...8.8Oct 24, 2024
• CVE-2024-45262An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. The params parameter in the call method of the /rpc endpoint is vulnerable to arbitr...8.8Oct 24, 2024