Improper Authorization Flaw in GL.iNet Router Models
CVE-2025-2850

5.1MEDIUM

Key Information:

Vendor

Gl.inet

Status
Gl-a1300 Slate Plus
Gl-ar300m16 Shadow
Gl-ar300m Shadow
Gl-ar750 Creta
Vendor
CVE Published:
26 April 2025

What is CVE-2025-2850?

An improper authorization vulnerability was identified in various GL.iNet router models. This flaw affects the Download Interface component, potentially allowing unauthorized manipulation of device settings. It is crucial for users to upgrade their devices as soon as a patch is available to mitigate the risk of unauthorized access and potential compromise of network security.

Affected Version(s)

GL-A1300 Slate Plus 4.x

GL-AR300M Shadow 4.x

GL-AR300M16 Shadow 4.x

References

https://vuldb.com/?id.306287
vdb-entry
https://vuldb.com/?ctiid.306287
signaturepermissions-required
https://www.gl-inet.com/security-updates/security-advisor...
patch

CVSS V4

Score:
5.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
None
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.