writeups.xyz / GL.iNET GL-MT300N-V2 Router Vulnerabilities and Hardware Teardown

Submitter : c2a

Date: 26 October 2022

Bounty : undisclosed

Vulnerabilities :

• OS Command Injection
• Arbitrary File Read
• Information Disclosure
• Account Takeover
• Stored XSS
• Lack of Rate Limiting
• Weak Credentials
• Password Policy Bypass

Programs :

• GL.iNet

Authors :

• Olivier Laflamme (@Olivier_boschko)

Link :
https://boschko.ca/glinet-router/