Boombyte

**Name of the Vulnerable Software and Affected Versions** GL.iNet GL-AR300M-Lite version 2.27 **Description** A command injection issue in the login cgi of GL.iNet GL-AR300M-Lite devices allows remote attackers to execute arbitrary code. **Recommendations** For version 2.27, update the firmware to a version that addresses this issue.

**Name of the Vulnerable Software and Affected Versions** GL.iNet GL-AR300M-Lite version 2.27 **Description** The issue allows remote attackers to download arbitrary files due to the `download file` in the firmware. **Recommendations** For version 2.27, update to a newer version that contains a fix for this issue.