CVE-2025-2851

Name of the Vulnerable Software and Affected Versions GL.iNet GL-A1300 Slate Plus version 4.x GL.iNet GL-AR300M16 Shadow version 4.x GL.iNet GL-AR300M Shadow version 4.x GL.iNet GL-AR750 Creta version 4.x GL.iNet GL-AR750S-EXT Slate version 4.x GL.iNet GL-AX1800 Flint version 4.x GL.iNet GL-AXT1800 Slate AX version 4.x GL.iNet GL-B1300 Convexa-B version 4.x GL.iNet GL-B3000 Marble version 4.x GL.iNet GL-BE3600 Slate 7 version 4.x GL.iNet GL-E750 version 4.x GL.iNet GL-E750V2 Mudi version 4.x GL.iNet GL-MT300N-V2 Mango version 4.x GL.iNet GL-MT1300 Beryl version 4.x GL.iNet GL-MT2500 Brume 2 version 4.x GL.iNet GL-MT3000 Beryl AX version 4.x GL.iNet GL-MT6000 Flint 2 version 4.x GL.iNet GL-SFT1200 Opal version 4.x GL.iNet GL-X300B Collie version 4.x GL.iNet GL-X750 Spitz version 4.x GL.iNet GL-X3000 Spitz AX version 4.x GL.iNet GL-XE300 Puli version 4.x GL.iNet GL-XE3000 Puli AX version 4.x

Description A critical vulnerability has been found in the RPC Handler component of the affected GL.iNet devices. The issue is related to an unknown function of the file plugins.so, which leads to a buffer overflow when manipulated.

Recommendations To resolve the issue, it is recommended to upgrade the affected component. At the moment, there is no information about a newer version that contains a fix for this vulnerability.