CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
5.2%
Shell Injection vulnerability GL.iNet A1300 v4.4.6, AX1800 v4.4.6, AXT1800 v4.4.6, MT3000 v4.4.6, MT2500 v4.4.6, MT6000 v4.5.0, MT1300 v4.3.7, MT300N-V2 v4.3.7, AR750S v4.3.7, AR750 v4.3.7, AR300M v4.3.7, and B1300 v4.3.7., allows local attackers to execute arbitrary code via the get_system_log and get_crash_log functions of the logread module, as well as the upgrade_online function of the upgrade module.
Vendor | Product | Version | CPE |
---|---|---|---|
gl-inet | gl-mt1300 | - | cpe:2.3:h:gl-inet:gl-mt1300:-:*:*:*:*:*:*:* |
gl-inet | gl-mt1300_firmware | 4.3.7 | cpe:2.3:o:gl-inet:gl-mt1300_firmware:4.3.7:*:*:*:*:*:*:* |
gl-inet | gl-mt300n-v2 | - | cpe:2.3:h:gl-inet:gl-mt300n-v2:-:*:*:*:*:*:*:* |
gl-inet | gl-mt300n-v2_firmware | 4.3.7 | cpe:2.3:o:gl-inet:gl-mt300n-v2_firmware:4.3.7:*:*:*:*:*:*:* |
gl-inet | gl-ar750s | - | cpe:2.3:h:gl-inet:gl-ar750s:-:*:*:*:*:*:*:* |
gl-inet | gl-ar750s_firmware | 4.3.7 | cpe:2.3:o:gl-inet:gl-ar750s_firmware:4.3.7:*:*:*:*:*:*:* |
gl-inet | gl-ar750 | - | cpe:2.3:h:gl-inet:gl-ar750:-:*:*:*:*:*:*:* |
gl-inet | gl-ar750_firmware | 4.3.7 | cpe:2.3:o:gl-inet:gl-ar750_firmware:4.3.7:*:*:*:*:*:*:* |
gl-inet | gl-ar300m | - | cpe:2.3:h:gl-inet:gl-ar300m:-:*:*:*:*:*:*:* |
gl-inet | gl-ar300m_firmware | 4.3.7 | cpe:2.3:o:gl-inet:gl-ar300m_firmware:4.3.7:*:*:*:*:*:*:* |