exploitDog

GHSA-56fm-mg9v-8c3h

Опубликовано: 12 дек. 2023

Источник: github

Github: Не прошло ревью

CVSS3: 9.8

Описание

In GL.iNET GL-AR300M routers with firmware v4.3.7, it is possible to inject arbitrary shell commands through a crafted package name in the package information functionality.

In GL.iNET GL-AR300M routers with firmware v4.3.7, it is possible to inject arbitrary shell commands through a crafted package name in the package information functionality.

Ссылки

EPSS

Процентиль: 95%

0.15671

Средний

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-78

Связанные уязвимости

CVE-2023-46454

CVSS3: 9.8

nvd

около 2 лет назад

In GL.iNET GL-AR300M routers with firmware v4.3.7, it is possible to inject arbitrary shell commands through a crafted package name in the package information functionality.

EPSS

Процентиль: 95%

0.15671

Средний

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-78