Описание
An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. The params parameter in the call method of the /rpc endpoint is vulnerable to arbitrary directory traversal, which enables attackers to execute scripts under any path.
Затрагиваемое ПО
Gl-inet Mt2500 firmwareGl-inet Mt2500Gl-inet Axt1800 firmwareGl-inet Axt1800Gl-inet Ax1800 firmwareGl-inet Ax1800Gl-inet B3000 firmwareGl-inet B3000Gl-inet A1300 firmwareGl-inet A1300Gl-inet X300b firmwareGl-inet X300bGl-inet X3000 firmwareGl-inet X3000Gl-inet Xe3000 firmwareGl-inet Xe3000Gl-inet X750 firmwareGl-inet X750Gl-inet Sft1200 firmwareGl-inet Sft1200Gl-inet Mt1300 firmwareGl-inet Mt1300Gl-inet E750 firmwareGl-inet E750Gl-inet Xe300 firmware
CVSS
| Балл | 8.8 — высокая |
| Вектор | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Источники
https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Improper%20Pathname%20Restriction%20Leading%20to%20Path%20Traversal%20in%20Restricted%20Directories.md