Buffer Overflow Vulnerability in GL.iNet Networking Devices
CVE-2025-2851

8.6HIGH

Key Information:

Vendor

Gl.inet

Status
Gl-a1300 Slate Plus
Gl-ar300m16 Shadow
Gl-ar300m Shadow
Gl-ar750 Creta
Vendor
CVE Published:
26 April 2025

What is CVE-2025-2851?

A buffer overflow vulnerability has been identified in the RPC handler of various GL.iNet networking devices. This issue arises from improper handling of inputs within the plugins.so component. Successful exploitation could allow an attacker to manipulate system memory, potentially leading to arbitrary code execution. Users are strongly advised to upgrade their devices to mitigate potential risks associated with this vulnerability.

Affected Version(s)

GL-A1300 Slate Plus 4.x

GL-AR300M Shadow 4.x

GL-AR300M16 Shadow 4.x

References

https://vuldb.com/?id.306288
vdb-entry
https://vuldb.com/?ctiid.306288
signaturepermissions-required
https://www.gl-inet.com/security-updates/security-advisor...
patch

CVSS V4

Score:
8.6
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.