GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulnerability via the set_config function. This vulnerability allows attackers to execute arbitrary commands via a crafted input.
The vulnerability (CWE-77) consists of insufficient filtering of input data passed to the set_config function. An attacker can prepare specially crafted input containing malicious system commands that will be executed by the device in the context of the operating system. Due to the network vector (AV:N) and lack of authentication requirements (PR:N) and user interaction (UI:N), the exploit can be performed remotely over the network.
An attacker can execute arbitrary system commands on the device, resulting in a complete breach of confidentiality, integrity, and availability of the system — including the possibility of taking full control of the router.
Patches available from the manufacturer should be applied according to the references. As a temporary measure, it is recommended to restrict access to the device management interface exclusively to trusted local networks and block access from the WAN.
GL-iNet GL-AR300M16 with firmware version v4.3.11
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HGl Inet Ar300m16
HWGl-Inetwszystkie wersjeGl Inet Ar300m16 Firmware
OSGl-Inet4.3.11
Related vulnerabilities
Command injection w GL-iNet GL-AR300M16 via parametr module
Command injection w GL-iNet GL-AR300M16 — funkcja set_upgrade
Command injection w GL-iNet GL-AR300M16 — wykonanie dowolnych poleceń
RCE w firmware GL-iNet — obejście mechanizmu logowania
GL-iNet: RCE i path traversal w /cgi-bin/glc bez uwierzytelnienia