Strforexc

**Name of the Vulnerable Software and Affected Versions** GL.iNet GL-MT3000 versions prior to 4.7 **Description** Remote command injection is possible within the Online Firmware Upgrade Handler component. The issue resides in the `/usr/bin/one click upgrade` file, where improper handling of functionality allows an attacker to execute arbitrary commands remotely. **Recommendations** Update to version 4.7.

**Name of the Vulnerable Software and Affected Versions** GL.iNet GL-MT3000 versions prior to 4.7 **Description** A command injection flaw exists in the Tor Proxy Service Configuration Handler. The issue is located within the `replace country()` function in the `/usr/lib/oui-httpd/rpc/tor` library, allowing a remote attacker to execute arbitrary commands. **Recommendations** Upgrade to version 4.7.

**Name of the Vulnerable Software and Affected Versions** GL.iNet GL-MT3000 versions prior to 4.7 **Description** A command injection flaw exists in the Minidlna Service component. A remote attacker can exploit this by manipulating the `kube.set` argument within the `realpath()` function of the '/rpc' file. Command injection occurs when an application executes arbitrary system commands due to insufficient validation of user-supplied input. **Recommendations** Upgrade to version 4.7.

**Name of the Vulnerable Software and Affected Versions** GL.iNet GL-MT3000 versions prior to 4.8.1 **Description** A command injection issue exists in the LuCI JSON-RPC Interface. A remote attacker can exploit this by manipulating the `rpc sys()` function within the '/cgi-bin/luci/rpc' file. **Recommendations** Update to version 4.8.1. As a temporary mitigation, restrict access to the '/cgi-bin/luci/rpc' endpoint or disable the LuCI JSON-RPC Interface component.

**Name of the Vulnerable Software and Affected Versions** GL.iNet GL-MT3000 versions prior to 4.7 **Description** A remote command injection flaw exists in the MTK Backend component within the `iwinfo backend()` function of the `iwinfo.so` file. The issue occurs when the `device` argument is manipulated, allowing an attacker to execute arbitrary commands remotely. **Recommendations** Update to version 4.7. Upgrade the affected MTK Backend component.

**Name of the Vulnerable Software and Affected Versions** GL.iNet GL-MT3000 versions prior to 4.8.1 **Description** Command injection is possible via a remote attack in the SET USER PWD Handler component. The issue exists within the `FUN 0042e200()` function of the '/cgi-bin/glc' file, where improper manipulation of the `Password` argument allows for the execution of arbitrary commands. **Recommendations** Upgrade to version 4.8.1.

**Name of the Vulnerable Software and Affected Versions** GL.iNet GL-MT3000 versions prior to 4.7 **Description** An issue exists in the Path Normalization Handler component within the `/usr/lib/oui-httpd/rpc/` library. A remote attacker can perform command injection by manipulating the `dev name` argument passed to the `dlopen()` function. This allows for the remote execution of arbitrary commands via the `/rpc` endpoint. **Recommendations** Upgrade to version 4.7.

**Name of the Vulnerable Software and Affected Versions** GL.iNet GL-MT3000 versions prior to 4.8.1 **Description** A flaw in the FTP Protocol Handler component allows remote command injection. The issue exists within the `snprintf()` function of the `/cgi-bin/glc` file. By manipulating the `media dir` argument via the `/NAS API SET PROTO CONFIG` interface, an attacker can execute arbitrary commands on the system. **Recommendations** Update to version 4.8.1. As a temporary mitigation, restrict access to the `/NAS API SET PROTO CONFIG` interface to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** GL.iNet MT3000 versions prior to 4.9.0 beta3-1012-0513-1778656146 **Description** Command injection is possible in the OpenVPN Client Import Workflow component via the `ovpnclient.sh` file. This issue allows remote exploitation when malicious OpenVPN configuration files are processed. **Recommendations** Upgrade to version 4.9.0 beta3-1012-0513-1778656146.