Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered on GL.iNet devices before 3.216. There is an arbitrary file write in which an empty file can be created anywhere on the filesystem. This is caused by a command injection vulnerability with a filter applied. Through the software installation feature, it is possible to inject arbitrary parameters in a request to cause opkg to read an arbitrary file name while using root privileges. The -f option can be used with a configuration file.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
GL.iNet devices 命令注入漏洞
Vulnerability Description
GL.iNet devices是中国GL.iNet公司的一系列硬件设备。 GL.iNet devices 3.216之前版本存在安全漏洞,该漏洞源于允许在文件系统的任何位置创建一个空文件。攻击者利用该漏洞在使用root权限时读取任意文件名。
CVSS Information
N/A
Vulnerability Type
N/A