Shell Injection vulnerability GL.iNet A1300 v4.4.6,...
High severity
Unreviewed
Published
Dec 28, 2023
to the GitHub Advisory Database
•
Updated Jul 3, 2024
Description
Published by the National Vulnerability Database
Dec 28, 2023
Published to the GitHub Advisory Database
Dec 28, 2023
Last updated
Jul 3, 2024
Shell Injection vulnerability GL.iNet A1300 v4.4.6, AX1800 v4.4.6, AXT1800 v4.4.6, MT3000 v4.4.6, MT2500 v4.4.6, MT6000 v4.5.0, MT1300 v4.3.7, MT300N-V2 v4.3.7, AR750S v4.3.7, AR750 v4.3.7, AR300M v4.3.7, and B1300 v4.3.7., allows local attackers to execute arbitrary code via the get_system_log and get_crash_log functions of the logread module, as well as the upgrade_online function of the upgrade module.
References