PT-2022-20978 · Gl.Inet · Gl-Inet Gl-Ax1800 Flint+1
Olivier Laflamme
·
Published
2022-10-27
·
Updated
2022-11-17
·
CVE-2022-31898
CVSS v3.1
6.8
Medium
| Vector | AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
gl-inet GL-MT300N-V2 Mango version 3.212
gl-inet GL-AX1800 Flint version 3.214
Description
The issue concerns command injection vulnerabilities. These vulnerabilities can be exploited via the
ping addr and trace addr function parameters.Recommendations
For gl-inet GL-MT300N-V2 Mango version 3.212, avoid using the
ping addr and trace addr function parameters until a fix is available.
For gl-inet GL-AX1800 Flint version 3.214, restrict access to the ping addr and trace addr function parameters to minimize the risk of exploitation.Exploit
Fix
OS Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Gl-Inet Gl-Ax1800 Flint
Gl-Inet Gl-Mt300N-V2 Mango