vendor:
GL-AR300M-Lite
by:
Pasquale Turi aka boombyte
8.8
CVSS
HIGH
Command injection, Arbitrary file download, Directory Traversal
78
CWE
Product Name: GL-AR300M-Lite
Affected Version From: Firmware version 2.27
Affected Version To: Unknown
Patch Exists: YES
Related CWE: CVE-2019-6272, CVE-2019-6273, CVE-2019-6274
CPE: o:gl-inet:gl-ar300m_lite_firmware:2.27
Platforms Tested:
2019
GL-AR300M-Lite Authenticated Command injection – Arbitrary file download – Directory Traversal
The GL-AR300M-Lite router is vulnerable to multiple vulnerabilities, including command injection (CVE-2019-6272), arbitrary file download (CVE-2019-6273), and directory traversal (CVE-2019-6274). These vulnerabilities allow an authenticated attacker to execute arbitrary commands, download arbitrary files, and traverse directories on the affected router.
Mitigation:
Upgrade to a patched version of the firmware.