GL-iNet GL-AR300M16 v4.3.11 was discovered to contain multiple command injection vulnerabilities in the set_upgrade function via the modem_url, target_version, current_version, firmware_upload, hash_type, hash_value, and upgrade_type parameters. These vulnerabilities allow attackers to execute arbitrary commands via a crafted input.
Vulnerabilities occur in the set_upgrade function, which processes input parameters: modem_url, target_version, current_version, firmware_upload, hash_type, hash_value, and upgrade_type. Data passed through these parameters are not properly validated or sanitized before use in system commands. An attacker can craft malicious parameter values containing additional system commands that will be executed by the device with the privileges of the process handling the request.
An attacker can remotely execute arbitrary system commands on the device (RCE), leading to complete takeover of the router, breach of data confidentiality and integrity, and potential disruption of network service availability.
Patches available from the manufacturer should be applied according to the references. Until updating, it is recommended to restrict access to the device's administration panel exclusively to trusted local networks and disable remote management over the internet.
GL-iNet GL-AR300M16 Firmware version v4.3.11
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HGl Inet Ar300m16
HWGl-Inetwszystkie wersjeGl Inet Ar300m16 Firmware
OSGl-Inet4.3.11
Related vulnerabilities
Command injection w GL-iNet GL-AR300M16 via parametr module
Command injection w GL-iNet GL-AR300M16 via set_config
Command injection w GL-iNet GL-AR300M16 β wykonanie dowolnych poleceΕ
RCE w firmware GL-iNet β obejΕcie mechanizmu logowania
GL-iNet: RCE i path traversal w /cgi-bin/glc bez uwierzytelnienia