Security Advisories (Vulnerabilities and CVEs) Dec 1 2022

Dear all,

Here is a list of vulnerabilities and CVEs in GL.iNet software, including firmware and cloud products.

This does not include CVEs from OpenWrt.

This is an announcement rather than a discussion. To report security bugs, please send an email to support at glinet.biz. We have a 90-day policy for vulnerability disclosure.

CVE-2022-31898

  • Summary: Command Injection in network tools in router firmware allows changing router settings
  • Affected software: Firmware 3.212 and earlier
  • Credits: Olivier Boschko Laflamme. Thanks also to Erik Rye for reporting this independently
  • Attention: Users, please upgrade firmware to 3.215 or newer

CVE-2022-42054

  • Summary: XSS in company name and description in GoodCloud allows attackers to gain user rights
  • Affected software: GoodCloud 1.0 and earlier
  • Credits: Olivier Boschko Laflamme

CVE-2022-42055

  • Summary: Command injection from GoodCloud allows attackers to gain control of users’ routers
  • Affected software: Firmware 3.212 and earlier, GoodCloud 1.0 and earlier
  • Credits: Olivier Boschko Laflamme

CVE-2022-44211

  • Summary: Insecure design allows an attacker to gain control of a user’s devices via the device Cloud ID
  • Affected software: GoodCloud 1.0 and earlier
  • Credits: Goutham Rukmasah and Kushal Arvind Shah of Fortinet’s FortiGuard Labs

CVE-2022-44212

  • Summary: Insecure design allows an attacker to gain remote access to a user’s devices via the device ID
  • Affected software: GoodCloud 1.0 and earlier
  • Credits: Goutham Rukmasah and Kushal Arvind Shah of Fortinet’s FortiGuard Labs