Main Vulnerability Database Vulnerabilities #VU108914

#VU108914 Improper Authorization in GL.iNet products - CVE-2025-2850

Published: May 12, 2025

Vulnerability identifier: #VU108914

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2025-2850

CWE-ID: CWE-285

Exploitation vector: Adjecent network

Exploit availability: No public exploit available

Vulnerable software:
GL-AX1800 Flint
GL-AXT1800 Slate AX
GL-MT2500 Brume 2
GL-MT3000 Beryl AX
GL-MT6000 Flint 2
GL-B3000 Marble
GL-A1300 Slate Plus
GL-X300B Collie
GL-X3000 Spitz AX
GL-XE3000 Puli AX
GL-SFT1200 Opal
GL-X750 Spitz
GL-MT1300 Beryl
GL-E750/GL-E750V2 Mudi
GL-XE300 Puli
GL-AR750 Creta
GL-AR750S-EXT Slate
GL-AR300M Shadow
GL-AR300M16 Shadow
GL-B1300 Convexa-B
GL-MT300N-V2 Mango
GL-BE3600 Slate 7

Software vendor:
GL.iNet

Description

The vulnerability allows a remote attacker to bypass authorization checks.

The vulnerability exists due to improper authorization. A remote user on the local network can cause arbitrary file download of router in download interfaces.

Remediation

Install updates from vendor's website.

External links

https://www.gl-inet.com/security-updates/security-advisories-vulnerabilities-and-cves-apr-24-2025/

#VU108914 Improper Authorization in GL.iNet products - CVE-2025-2850

Description

Remediation

External links

Please verify you're human