Search a vulnerability

cve-2025-2851

Vulnerability from cvelistv5

Published

2025-04-26 08:00

Modified

2025-04-28 18:09

Severity ?

8.6 (High) - CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
8.0 (High) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.0 (High) - CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

GL.iNet GL-A1300 Slate Plus RPC plugins.so buffer overflow

References

▼	URL	Tags
	https://vuldb.com/?id.306288	vdb-entry
	https://vuldb.com/?ctiid.306288	signature, permissions-required
	https://www.gl-inet.com/security-updates/security-advisories-vulnerabilities-and-cves-apr-24-2025/	patch

Impacted products

▼	Vendor	Product
	GL.iNet	GL-A1300 Slate Plus
	GL.iNet	GL-AR300M16 Shadow
	GL.iNet	GL-AR300M Shadow
	GL.iNet	GL-AR750 Creta
	GL.iNet	GL-AR750S-EXT Slate
	GL.iNet	GL-AX1800 Flint
	GL.iNet	GL-AXT1800 Slate AX
	GL.iNet	GL-B1300 Convexa-B
	GL.iNet	GL-B3000 Marble
	GL.iNet	GL-BE3600 Slate 7
	GL.iNet	GL-E750
	GL.iNet	GL-E750V2 Mudi
	GL.iNet	GL-MT300N-V2 Mango
	GL.iNet	GL-MT1300 Beryl
	GL.iNet	GL-MT2500 Brume 2
	GL.iNet	GL-MT3000 Beryl AX
	GL.iNet	GL-MT6000 Flint 2
	GL.iNet	GL-SFT1200 Opal
	GL.iNet	GL-X300B Collie
	GL.iNet	GL-X750 Spitz
	GL.iNet	GL-X3000 Spitz AX
	GL.iNet	GL-XE300 Puli
	GL.iNet	GL-XE3000 Puli AX

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-2851",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-28T18:06:30.255746Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-28T18:09:44.918Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "RPC Handler"
          ],
          "product": "GL-A1300 Slate Plus",
          "vendor": "GL.iNet",
          "versions": [
            {
              "status": "affected",
              "version": "4.x"
            }
          ]
        },
        {
          "modules": [
            "RPC Handler"
          ],
          "product": "GL-AR300M16 Shadow",
          "vendor": "GL.iNet",
          "versions": [
            {
              "status": "affected",
              "version": "4.x"
            }
          ]
        },
        {
          "modules": [
            "RPC Handler"
          ],
          "product": "GL-AR300M Shadow",
          "vendor": "GL.iNet",
          "versions": [
            {
              "status": "affected",
              "version": "4.x"
            }
          ]
        },
        {
          "modules": [
            "RPC Handler"
          ],
          "product": "GL-AR750 Creta",
          "vendor": "GL.iNet",
          "versions": [
            {
              "status": "affected",
              "version": "4.x"
            }
          ]
        },
        {
          "modules": [
            "RPC Handler"
          ],
          "product": "GL-AR750S-EXT Slate",
          "vendor": "GL.iNet",
          "versions": [
            {
              "status": "affected",
              "version": "4.x"
            }
          ]
        },
        {
          "modules": [
            "RPC Handler"
          ],
          "product": "GL-AX1800 Flint",
          "vendor": "GL.iNet",
          "versions": [
            {
              "status": "affected",
              "version": "4.x"
            }
          ]
        },
        {
          "modules": [
            "RPC Handler"
          ],
          "product": "GL-AXT1800 Slate AX",
          "vendor": "GL.iNet",
          "versions": [
            {
              "status": "affected",
              "version": "4.x"
            }
          ]
        },
        {
          "modules": [
            "RPC Handler"
          ],
          "product": "GL-B1300 Convexa-B",
          "vendor": "GL.iNet",
          "versions": [
            {
              "status": "affected",
              "version": "4.x"
            }
          ]
        },
        {
          "modules": [
            "RPC Handler"
          ],
          "product": "GL-B3000 Marble",
          "vendor": "GL.iNet",
          "versions": [
            {
              "status": "affected",
              "version": "4.x"
            }
          ]
        },
        {
          "modules": [
            "RPC Handler"
          ],
          "product": "GL-BE3600 Slate 7",
          "vendor": "GL.iNet",
          "versions": [
            {
              "status": "affected",
              "version": "4.x"
            }
          ]
        },
        {
          "modules": [
            "RPC Handler"
          ],
          "product": "GL-E750",
          "vendor": "GL.iNet",
          "versions": [
            {
              "status": "affected",
              "version": "4.x"
            }
          ]
        },
        {
          "modules": [
            "RPC Handler"
          ],
          "product": "GL-E750V2 Mudi",
          "vendor": "GL.iNet",
          "versions": [
            {
              "status": "affected",
              "version": "4.x"
            }
          ]
        },
        {
          "modules": [
            "RPC Handler"
          ],
          "product": "GL-MT300N-V2 Mango",
          "vendor": "GL.iNet",
          "versions": [
            {
              "status": "affected",
              "version": "4.x"
            }
          ]
        },
        {
          "modules": [
            "RPC Handler"
          ],
          "product": "GL-MT1300 Beryl",
          "vendor": "GL.iNet",
          "versions": [
            {
              "status": "affected",
              "version": "4.x"
            }
          ]
        },
        {
          "modules": [
            "RPC Handler"
          ],
          "product": "GL-MT2500 Brume 2",
          "vendor": "GL.iNet",
          "versions": [
            {
              "status": "affected",
              "version": "4.x"
            }
          ]
        },
        {
          "modules": [
            "RPC Handler"
          ],
          "product": "GL-MT3000 Beryl AX",
          "vendor": "GL.iNet",
          "versions": [
            {
              "status": "affected",
              "version": "4.x"
            }
          ]
        },
        {
          "modules": [
            "RPC Handler"
          ],
          "product": "GL-MT6000 Flint 2",
          "vendor": "GL.iNet",
          "versions": [
            {
              "status": "affected",
              "version": "4.x"
            }
          ]
        },
        {
          "modules": [
            "RPC Handler"
          ],
          "product": "GL-SFT1200 Opal",
          "vendor": "GL.iNet",
          "versions": [
            {
              "status": "affected",
              "version": "4.x"
            }
          ]
        },
        {
          "modules": [
            "RPC Handler"
          ],
          "product": "GL-X300B Collie",
          "vendor": "GL.iNet",
          "versions": [
            {
              "status": "affected",
              "version": "4.x"
            }
          ]
        },
        {
          "modules": [
            "RPC Handler"
          ],
          "product": "GL-X750 Spitz",
          "vendor": "GL.iNet",
          "versions": [
            {
              "status": "affected",
              "version": "4.x"
            }
          ]
        },
        {
          "modules": [
            "RPC Handler"
          ],
          "product": "GL-X3000 Spitz AX",
          "vendor": "GL.iNet",
          "versions": [
            {
              "status": "affected",
              "version": "4.x"
            }
          ]
        },
        {
          "modules": [
            "RPC Handler"
          ],
          "product": "GL-XE300 Puli",
          "vendor": "GL.iNet",
          "versions": [
            {
              "status": "affected",
              "version": "4.x"
            }
          ]
        },
        {
          "modules": [
            "RPC Handler"
          ],
          "product": "GL-XE3000 Puli AX",
          "vendor": "GL.iNet",
          "versions": [
            {
              "status": "affected",
              "version": "4.x"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability classified as critical has been found in GL.iNet GL-A1300 Slate Plus, GL-AR300M16 Shadow, GL-AR300M Shadow, GL-AR750 Creta, GL-AR750S-EXT Slate, GL-AX1800 Flint, GL-AXT1800 Slate AX, GL-B1300 Convexa-B, GL-B3000 Marble, GL-BE3600 Slate 7, GL-E750, GL-E750V2 Mudi, GL-MT300N-V2 Mango, GL-MT1300 Beryl, GL-MT2500 Brume 2, GL-MT3000 Beryl AX, GL-MT6000 Flint 2, GL-SFT1200 Opal, GL-X300B Collie, GL-X750 Spitz, GL-X3000 Spitz AX, GL-XE300 Puli and GL-XE3000 Puli AX 4.x. Affected is an unknown function of the file plugins.so of the component RPC Handler. The manipulation leads to buffer overflow. It is recommended to upgrade the affected component."
        },
        {
          "lang": "de",
          "value": "Es wurde eine kritische Schwachstelle in GL.iNet GL-A1300 Slate Plus, GL-AR300M16 Shadow, GL-AR300M Shadow, GL-AR750 Creta, GL-AR750S-EXT Slate, GL-AX1800 Flint, GL-AXT1800 Slate AX, GL-B1300 Convexa-B, GL-B3000 Marble, GL-BE3600 Slate 7, GL-E750, GL-E750V2 Mudi, GL-MT300N-V2 Mango, GL-MT1300 Beryl, GL-MT2500 Brume 2, GL-MT3000 Beryl AX, GL-MT6000 Flint 2, GL-SFT1200 Opal, GL-X300B Collie, GL-X750 Spitz, GL-X3000 Spitz AX, GL-XE300 Puli and GL-XE3000 Puli AX 4.x entdeckt. Dabei betrifft es einen unbekannter Codeteil der Datei plugins.so der Komponente RPC Handler. Durch Manipulation mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 7.7,
            "vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-120",
              "description": "Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-119",
              "description": "Memory Corruption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-04-26T08:00:08.117Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-306288 | GL.iNet GL-A1300 Slate Plus RPC plugins.so buffer overflow",
          "tags": [
            "vdb-entry"
          ],
          "url": "https://vuldb.com/?id.306288"
        },
        {
          "name": "VDB-306288 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.306288"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://www.gl-inet.com/security-updates/security-advisories-vulnerabilities-and-cves-apr-24-2025/"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-04-26T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-04-26T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-04-26T08:38:35.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "GL.iNet GL-A1300 Slate Plus RPC plugins.so buffer overflow"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-2851",
    "datePublished": "2025-04-26T08:00:08.117Z",
    "dateReserved": "2025-03-27T06:21:23.874Z",
    "dateUpdated": "2025-04-28T18:09:44.918Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2025-2850

Vulnerability from cvelistv5

Published

2025-04-26 07:31

Modified

2025-04-28 18:09

Severity ?

5.1 (Medium) - CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
3.5 (Low) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
3.5 (Low) - CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Summary

GL.iNet GL-A1300 Slate Plus Download Interface improper authorization

References

▼	URL	Tags
	https://vuldb.com/?id.306287	vdb-entry
	https://vuldb.com/?ctiid.306287	signature, permissions-required
	https://www.gl-inet.com/security-updates/security-advisories-vulnerabilities-and-cves-apr-24-2025/	patch

Impacted products

▼	Vendor	Product
	GL.iNet	GL-A1300 Slate Plus
	GL.iNet	GL-AR300M16 Shadow
	GL.iNet	GL-AR300M Shadow
	GL.iNet	GL-AR750 Creta
	GL.iNet	GL-AR750S-EXT Slate
	GL.iNet	GL-AX1800 Flint
	GL.iNet	GL-AXT1800 Slate AX
	GL.iNet	GL-B1300 Convexa-B
	GL.iNet	GL-B3000 Marble
	GL.iNet	GL-BE3600 Slate 7
	GL.iNet	GL-E750
	GL.iNet	GL-E750V2 Mudi
	GL.iNet	GL-MT300N-V2 Mango
	GL.iNet	GL-MT1300 Beryl
	GL.iNet	GL-MT2500 Brume 2
	GL.iNet	GL-MT3000 Beryl AX
	GL.iNet	GL-MT6000 Flint 2
	GL.iNet	GL-SFT1200 Opal
	GL.iNet	GL-X300B Collie
	GL.iNet	GL-X750 Spitz
	GL.iNet	GL-X3000 Spitz AX
	GL.iNet	GL-XE300 Puli
	GL.iNet	GL-XE3000 Puli AX

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-2850",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-28T18:07:02.103624Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-28T18:09:52.772Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "Download Interface"
          ],
          "product": "GL-A1300 Slate Plus",
          "vendor": "GL.iNet",
          "versions": [
            {
              "status": "affected",
              "version": "4.x"
            }
          ]
        },
        {
          "modules": [
            "Download Interface"
          ],
          "product": "GL-AR300M16 Shadow",
          "vendor": "GL.iNet",
          "versions": [
            {
              "status": "affected",
              "version": "4.x"
            }
          ]
        },
        {
          "modules": [
            "Download Interface"
          ],
          "product": "GL-AR300M Shadow",
          "vendor": "GL.iNet",
          "versions": [
            {
              "status": "affected",
              "version": "4.x"
            }
          ]
        },
        {
          "modules": [
            "Download Interface"
          ],
          "product": "GL-AR750 Creta",
          "vendor": "GL.iNet",
          "versions": [
            {
              "status": "affected",
              "version": "4.x"
            }
          ]
        },
        {
          "modules": [
            "Download Interface"
          ],
          "product": "GL-AR750S-EXT Slate",
          "vendor": "GL.iNet",
          "versions": [
            {
              "status": "affected",
              "version": "4.x"
            }
          ]
        },
        {
          "modules": [
            "Download Interface"
          ],
          "product": "GL-AX1800 Flint",
          "vendor": "GL.iNet",
          "versions": [
            {
              "status": "affected",
              "version": "4.x"
            }
          ]
        },
        {
          "modules": [
            "Download Interface"
          ],
          "product": "GL-AXT1800 Slate AX",
          "vendor": "GL.iNet",
          "versions": [
            {
              "status": "affected",
              "version": "4.x"
            }
          ]
        },
        {
          "modules": [
            "Download Interface"
          ],
          "product": "GL-B1300 Convexa-B",
          "vendor": "GL.iNet",
          "versions": [
            {
              "status": "affected",
              "version": "4.x"
            }
          ]
        },
        {
          "modules": [
            "Download Interface"
          ],
          "product": "GL-B3000 Marble",
          "vendor": "GL.iNet",
          "versions": [
            {
              "status": "affected",
              "version": "4.x"
            }
          ]
        },
        {
          "modules": [
            "Download Interface"
          ],
          "product": "GL-BE3600 Slate 7",
          "vendor": "GL.iNet",
          "versions": [
            {
              "status": "affected",
              "version": "4.x"
            }
          ]
        },
        {
          "modules": [
            "Download Interface"
          ],
          "product": "GL-E750",
          "vendor": "GL.iNet",
          "versions": [
            {
              "status": "affected",
              "version": "4.x"
            }
          ]
        },
        {
          "modules": [
            "Download Interface"
          ],
          "product": "GL-E750V2 Mudi",
          "vendor": "GL.iNet",
          "versions": [
            {
              "status": "affected",
              "version": "4.x"
            }
          ]
        },
        {
          "modules": [
            "Download Interface"
          ],
          "product": "GL-MT300N-V2 Mango",
          "vendor": "GL.iNet",
          "versions": [
            {
              "status": "affected",
              "version": "4.x"
            }
          ]
        },
        {
          "modules": [
            "Download Interface"
          ],
          "product": "GL-MT1300 Beryl",
          "vendor": "GL.iNet",
          "versions": [
            {
              "status": "affected",
              "version": "4.x"
            }
          ]
        },
        {
          "modules": [
            "Download Interface"
          ],
          "product": "GL-MT2500 Brume 2",
          "vendor": "GL.iNet",
          "versions": [
            {
              "status": "affected",
              "version": "4.x"
            }
          ]
        },
        {
          "modules": [
            "Download Interface"
          ],
          "product": "GL-MT3000 Beryl AX",
          "vendor": "GL.iNet",
          "versions": [
            {
              "status": "affected",
              "version": "4.x"
            }
          ]
        },
        {
          "modules": [
            "Download Interface"
          ],
          "product": "GL-MT6000 Flint 2",
          "vendor": "GL.iNet",
          "versions": [
            {
              "status": "affected",
              "version": "4.x"
            }
          ]
        },
        {
          "modules": [
            "Download Interface"
          ],
          "product": "GL-SFT1200 Opal",
          "vendor": "GL.iNet",
          "versions": [
            {
              "status": "affected",
              "version": "4.x"
            }
          ]
        },
        {
          "modules": [
            "Download Interface"
          ],
          "product": "GL-X300B Collie",
          "vendor": "GL.iNet",
          "versions": [
            {
              "status": "affected",
              "version": "4.x"
            }
          ]
        },
        {
          "modules": [
            "Download Interface"
          ],
          "product": "GL-X750 Spitz",
          "vendor": "GL.iNet",
          "versions": [
            {
              "status": "affected",
              "version": "4.x"
            }
          ]
        },
        {
          "modules": [
            "Download Interface"
          ],
          "product": "GL-X3000 Spitz AX",
          "vendor": "GL.iNet",
          "versions": [
            {
              "status": "affected",
              "version": "4.x"
            }
          ]
        },
        {
          "modules": [
            "Download Interface"
          ],
          "product": "GL-XE300 Puli",
          "vendor": "GL.iNet",
          "versions": [
            {
              "status": "affected",
              "version": "4.x"
            }
          ]
        },
        {
          "modules": [
            "Download Interface"
          ],
          "product": "GL-XE3000 Puli AX",
          "vendor": "GL.iNet",
          "versions": [
            {
              "status": "affected",
              "version": "4.x"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in GL.iNet GL-A1300 Slate Plus, GL-AR300M16 Shadow, GL-AR300M Shadow, GL-AR750 Creta, GL-AR750S-EXT Slate, GL-AX1800 Flint, GL-AXT1800 Slate AX, GL-B1300 Convexa-B, GL-B3000 Marble, GL-BE3600 Slate 7, GL-E750, GL-E750V2 Mudi, GL-MT300N-V2 Mango, GL-MT1300 Beryl, GL-MT2500 Brume 2, GL-MT3000 Beryl AX, GL-MT6000 Flint 2, GL-SFT1200 Opal, GL-X300B Collie, GL-X750 Spitz, GL-X3000 Spitz AX, GL-XE300 Puli and GL-XE3000 Puli AX 4.x. It has been rated as problematic. This issue affects some unknown processing of the component Download Interface. The manipulation leads to improper authorization. It is recommended to upgrade the affected component."
        },
        {
          "lang": "de",
          "value": "Eine Schwachstelle wurde in GL.iNet GL-A1300 Slate Plus, GL-AR300M16 Shadow, GL-AR300M Shadow, GL-AR750 Creta, GL-AR750S-EXT Slate, GL-AX1800 Flint, GL-AXT1800 Slate AX, GL-B1300 Convexa-B, GL-B3000 Marble, GL-BE3600 Slate 7, GL-E750, GL-E750V2 Mudi, GL-MT300N-V2 Mango, GL-MT1300 Beryl, GL-MT2500 Brume 2, GL-MT3000 Beryl AX, GL-MT6000 Flint 2, GL-SFT1200 Opal, GL-X300B Collie, GL-X750 Spitz, GL-X3000 Spitz AX, GL-XE300 Puli and GL-XE3000 Puli AX 4.x ausgemacht. Sie wurde als problematisch eingestuft. Dies betrifft einen unbekannten Teil der Komponente Download Interface. Durch die Manipulation mit unbekannten Daten kann eine improper authorization-Schwachstelle ausgenutzt werden. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 3.5,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 3.5,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 2.7,
            "vectorString": "AV:A/AC:L/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-285",
              "description": "Improper Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-266",
              "description": "Incorrect Privilege Assignment",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-04-26T07:31:03.631Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-306287 | GL.iNet GL-A1300 Slate Plus Download Interface improper authorization",
          "tags": [
            "vdb-entry"
          ],
          "url": "https://vuldb.com/?id.306287"
        },
        {
          "name": "VDB-306287 | CTI Indicators (IOB, IOC, TTP)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.306287"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://www.gl-inet.com/security-updates/security-advisories-vulnerabilities-and-cves-apr-24-2025/"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-04-26T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-04-26T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-04-26T08:38:33.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "GL.iNet GL-A1300 Slate Plus Download Interface improper authorization"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-2850",
    "datePublished": "2025-04-26T07:31:03.631Z",
    "dateReserved": "2025-03-27T06:21:21.419Z",
    "dateUpdated": "2025-04-28T18:09:52.772Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2025-2811

Vulnerability from cvelistv5

Published

2025-04-26 07:00

Modified

2025-04-28 18:09

Severity ?

6.9 (Medium) - CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
5.7 (Medium) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
5.7 (Medium) - CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Summary

GL.iNet GL-A1300 Slate Plus API redos

References

▼	URL	Tags
	https://vuldb.com/?id.306286	vdb-entry
	https://vuldb.com/?ctiid.306286	signature, permissions-required
	https://vuldb.com/?submit.524459	third-party-advisory
	https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Calling%20a%20special%20API%20that%20doesn't%20require%20login%20and%20passing%20in%20a%20special%20character%20parameter%20results%20in%20100%25%20CPU%20usage.md	related
	https://www.gl-inet.com/security-updates/security-advisories-vulnerabilities-and-cves-apr-24-2025/	patch

Impacted products

▼	Vendor	Product
	GL.iNet	GL-A1300 Slate Plus
	GL.iNet	GL-AR300M16 Shadow
	GL.iNet	GL-AR300M Shadow
	GL.iNet	GL-AR750 Creta
	GL.iNet	GL-AR750S-EXT Slate
	GL.iNet	GL-AX1800 Flint
	GL.iNet	GL-AXT1800 Slate AX
	GL.iNet	GL-B1300 Convexa-B
	GL.iNet	GL-B3000 Marble
	GL.iNet	GL-BE3600 Slate 7
	GL.iNet	GL-E750
	GL.iNet	GL-E750V2 Mudi
	GL.iNet	GL-MT300N-V2 Mango
	GL.iNet	GL-MT1300 Beryl
	GL.iNet	GL-MT2500 Brume 2
	GL.iNet	GL-MT3000 Beryl AX
	GL.iNet	GL-MT6000 Flint 2
	GL.iNet	GL-SFT1200 Opal
	GL.iNet	GL-X300B Collie
	GL.iNet	GL-X750 Spitz
	GL.iNet	GL-X3000 Spitz AX
	GL.iNet	GL-XE300 Puli
	GL.iNet	GL-XE3000 Puli AX

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-2811",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-28T18:07:38.354152Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-28T18:09:59.404Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Calling%20a%20special%20API%20that%20doesn\u0027t%20require%20login%20and%20passing%20in%20a%20special%20character%20parameter%20results%20in%20100%25%20CPU%20usage.md"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "API"
          ],
          "product": "GL-A1300 Slate Plus",
          "vendor": "GL.iNet",
          "versions": [
            {
              "status": "affected",
              "version": "4.x"
            }
          ]
        },
        {
          "modules": [
            "API"
          ],
          "product": "GL-AR300M16 Shadow",
          "vendor": "GL.iNet",
          "versions": [
            {
              "status": "affected",
              "version": "4.x"
            }
          ]
        },
        {
          "modules": [
            "API"
          ],
          "product": "GL-AR300M Shadow",
          "vendor": "GL.iNet",
          "versions": [
            {
              "status": "affected",
              "version": "4.x"
            }
          ]
        },
        {
          "modules": [
            "API"
          ],
          "product": "GL-AR750 Creta",
          "vendor": "GL.iNet",
          "versions": [
            {
              "status": "affected",
              "version": "4.x"
            }
          ]
        },
        {
          "modules": [
            "API"
          ],
          "product": "GL-AR750S-EXT Slate",
          "vendor": "GL.iNet",
          "versions": [
            {
              "status": "affected",
              "version": "4.x"
            }
          ]
        },
        {
          "modules": [
            "API"
          ],
          "product": "GL-AX1800 Flint",
          "vendor": "GL.iNet",
          "versions": [
            {
              "status": "affected",
              "version": "4.x"
            }
          ]
        },
        {
          "modules": [
            "API"
          ],
          "product": "GL-AXT1800 Slate AX",
          "vendor": "GL.iNet",
          "versions": [
            {
              "status": "affected",
              "version": "4.x"
            }
          ]
        },
        {
          "modules": [
            "API"
          ],
          "product": "GL-B1300 Convexa-B",
          "vendor": "GL.iNet",
          "versions": [
            {
              "status": "affected",
              "version": "4.x"
            }
          ]
        },
        {
          "modules": [
            "API"
          ],
          "product": "GL-B3000 Marble",
          "vendor": "GL.iNet",
          "versions": [
            {
              "status": "affected",
              "version": "4.x"
            }
          ]
        },
        {
          "modules": [
            "API"
          ],
          "product": "GL-BE3600 Slate 7",
          "vendor": "GL.iNet",
          "versions": [
            {
              "status": "affected",
              "version": "4.x"
            }
          ]
        },
        {
          "modules": [
            "API"
          ],
          "product": "GL-E750",
          "vendor": "GL.iNet",
          "versions": [
            {
              "status": "affected",
              "version": "4.x"
            }
          ]
        },
        {
          "modules": [
            "API"
          ],
          "product": "GL-E750V2 Mudi",
          "vendor": "GL.iNet",
          "versions": [
            {
              "status": "affected",
              "version": "4.x"
            }
          ]
        },
        {
          "modules": [
            "API"
          ],
          "product": "GL-MT300N-V2 Mango",
          "vendor": "GL.iNet",
          "versions": [
            {
              "status": "affected",
              "version": "4.x"
            }
          ]
        },
        {
          "modules": [
            "API"
          ],
          "product": "GL-MT1300 Beryl",
          "vendor": "GL.iNet",
          "versions": [
            {
              "status": "affected",
              "version": "4.x"
            }
          ]
        },
        {
          "modules": [
            "API"
          ],
          "product": "GL-MT2500 Brume 2",
          "vendor": "GL.iNet",
          "versions": [
            {
              "status": "affected",
              "version": "4.x"
            }
          ]
        },
        {
          "modules": [
            "API"
          ],
          "product": "GL-MT3000 Beryl AX",
          "vendor": "GL.iNet",
          "versions": [
            {
              "status": "affected",
              "version": "4.x"
            }
          ]
        },
        {
          "modules": [
            "API"
          ],
          "product": "GL-MT6000 Flint 2",
          "vendor": "GL.iNet",
          "versions": [
            {
              "status": "affected",
              "version": "4.x"
            }
          ]
        },
        {
          "modules": [
            "API"
          ],
          "product": "GL-SFT1200 Opal",
          "vendor": "GL.iNet",
          "versions": [
            {
              "status": "affected",
              "version": "4.x"
            }
          ]
        },
        {
          "modules": [
            "API"
          ],
          "product": "GL-X300B Collie",
          "vendor": "GL.iNet",
          "versions": [
            {
              "status": "affected",
              "version": "4.x"
            }
          ]
        },
        {
          "modules": [
            "API"
          ],
          "product": "GL-X750 Spitz",
          "vendor": "GL.iNet",
          "versions": [
            {
              "status": "affected",
              "version": "4.x"
            }
          ]
        },
        {
          "modules": [
            "API"
          ],
          "product": "GL-X3000 Spitz AX",
          "vendor": "GL.iNet",
          "versions": [
            {
              "status": "affected",
              "version": "4.x"
            }
          ]
        },
        {
          "modules": [
            "API"
          ],
          "product": "GL-XE300 Puli",
          "vendor": "GL.iNet",
          "versions": [
            {
              "status": "affected",
              "version": "4.x"
            }
          ]
        },
        {
          "modules": [
            "API"
          ],
          "product": "GL-XE3000 Puli AX",
          "vendor": "GL.iNet",
          "versions": [
            {
              "status": "affected",
              "version": "4.x"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "pan.li (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in GL.iNet GL-A1300 Slate Plus, GL-AR300M16 Shadow, GL-AR300M Shadow, GL-AR750 Creta, GL-AR750S-EXT Slate, GL-AX1800 Flint, GL-AXT1800 Slate AX, GL-B1300 Convexa-B, GL-B3000 Marble, GL-BE3600 Slate 7, GL-E750, GL-E750V2 Mudi, GL-MT300N-V2 Mango, GL-MT1300 Beryl, GL-MT2500 Brume 2, GL-MT3000 Beryl AX, GL-MT6000 Flint 2, GL-SFT1200 Opal, GL-X300B Collie, GL-X750 Spitz, GL-X3000 Spitz AX, GL-XE300 Puli and GL-XE3000 Puli AX 4.x. It has been declared as problematic. This vulnerability affects unknown code of the component API. The manipulation leads to inefficient regular expression complexity. It is recommended to upgrade the affected component."
        },
        {
          "lang": "de",
          "value": "In GL.iNet GL-A1300 Slate Plus, GL-AR300M16 Shadow, GL-AR300M Shadow, GL-AR750 Creta, GL-AR750S-EXT Slate, GL-AX1800 Flint, GL-AXT1800 Slate AX, GL-B1300 Convexa-B, GL-B3000 Marble, GL-BE3600 Slate 7, GL-E750, GL-E750V2 Mudi, GL-MT300N-V2 Mango, GL-MT1300 Beryl, GL-MT2500 Brume 2, GL-MT3000 Beryl AX, GL-MT6000 Flint 2, GL-SFT1200 Opal, GL-X300B Collie, GL-X750 Spitz, GL-X3000 Spitz AX, GL-XE300 Puli and GL-XE3000 Puli AX 4.x wurde eine Schwachstelle ausgemacht. Sie wurde als problematisch eingestuft. Das betrifft eine unbekannte Funktionalit\u00e4t der Komponente API. Mit der Manipulation mit unbekannten Daten kann eine inefficient regular expression complexity-Schwachstelle ausgenutzt werden. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 5.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 5.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 5.5,
            "vectorString": "AV:A/AC:L/Au:S/C:N/I:N/A:C",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1333",
              "description": "Inefficient Regular Expression Complexity",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "Resource Consumption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-04-26T07:00:05.770Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-306286 | GL.iNet GL-A1300 Slate Plus API redos",
          "tags": [
            "vdb-entry"
          ],
          "url": "https://vuldb.com/?id.306286"
        },
        {
          "name": "VDB-306286 | CTI Indicators (IOB, IOC, TTP)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.306286"
        },
        {
          "name": "Submit #524459 | glinet MT6000 /MT3000 /MT2500 /AXT1800 /AX1800 /B3000 /A1300 /X300B /X3000 /XE3000 /X750 /SFT1200 /MT1300 /E750 /XE300 /AR750 /AR750S / v4.x Large or infinite loop",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.524459"
        },
        {
          "tags": [
            "related"
          ],
          "url": "https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Calling%20a%20special%20API%20that%20doesn\u0027t%20require%20login%20and%20passing%20in%20a%20special%20character%20parameter%20results%20in%20100%25%20CPU%20usage.md"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://www.gl-inet.com/security-updates/security-advisories-vulnerabilities-and-cves-apr-24-2025/"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-04-26T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-04-26T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-04-26T08:38:01.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "GL.iNet GL-A1300 Slate Plus API redos"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-2811",
    "datePublished": "2025-04-26T07:00:05.770Z",
    "dateReserved": "2025-03-26T12:11:36.452Z",
    "dateUpdated": "2025-04-28T18:09:59.404Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

All the vulnerabilites related to GL.iNet - GL-MT1300 Beryl

cve-2025-2851

Vulnerability from cvelistv5

cve-2025-2850

Vulnerability from cvelistv5

cve-2025-2811

Vulnerability from cvelistv5