API Vulnerability in GL.iNet Networking Products
CVE-2025-2811

6.9MEDIUM

Key Information:

Vendor: Gl.inet
Status: Gl-a1300 Slate Plus; Gl-ar300m16 Shadow; Gl-ar300m Shadow; Gl-ar750 Creta
Vendor: CVE Published:; 26 April 2025

What is CVE-2025-2811?

A vulnerability has been identified in various GL.iNet devices that involves an API component prone to inefficient regular expression processing. The vulnerability can lead to excessive CPU usage, potentially disrupting normal operations of affected devices. Users are strongly advised to update their devices to the latest firmware to mitigate the risk associated with this issue.

Affected Version(s)

GL-A1300 Slate Plus 4.x

GL-AR300M Shadow 4.x

GL-AR300M16 Shadow 4.x

References

https://vuldb.com/?id.306286

vdb-entry

https://vuldb.com/?ctiid.306286

signaturepermissions-required

https://vuldb.com/?submit.524459

third-party-advisory

CVSS V4

Score:

6.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 26, 2025
Vulnerability Reserved
Mar 26, 2025

Credit

pan.li (VulDB User)

CVE-2025-2811 Data

JSON

Gl.inet

What is CVE-2025-2811?

Affected Version(s)

References

CVSS V4

Timeline

Credit