CVE-2025-2811
GL.iNet GL-A1300 Slate Plus API redos
A vulnerability was found in GL.iNet GL-A1300 Slate Plus, GL-AR300M16 Shadow, GL-AR300M Shadow, GL-AR750 Creta, GL-AR750S-EXT Slate, GL-AX1800 Flint, GL-AXT1800 Slate AX, GL-B1300 Convexa-B, GL-B3000 Marble, GL-BE3600 Slate 7, GL-E750, GL-E750V2 Mudi, GL-MT300N-V2 Mango, GL-MT1300 Beryl, GL-MT2500 Brume 2, GL-MT3000 Beryl AX, GL-MT6000 Flint 2, GL-SFT1200 Opal, GL-X300B Collie, GL-X750 Spitz, GL-X3000 Spitz AX, GL-XE300 Puli and GL-XE3000 Puli AX 4.x. It has been declared as problematic. This vulnerability affects unknown code of the component API. The manipulation leads to inefficient regular expression complexity. It is recommended to upgrade the affected component.
CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Produtos afetados
GL.iNet · GL-A1300 Slate PlusGL.iNet · GL-AR300M16 ShadowGL.iNet · GL-AR300M ShadowGL.iNet · GL-AR750 CretaGL.iNet · GL-AR750S-EXT SlateGL.iNet · GL-AX1800 FlintGL.iNet · GL-AXT1800 Slate AXGL.iNet · GL-B1300 Convexa-BGL.iNet · GL-B3000 MarbleGL.iNet · GL-BE3600 Slate 7GL.iNet · GL-E750GL.iNet · GL-E750V2 MudiGL.iNet · GL-MT1300 BerylGL.iNet · GL-MT2500 Brume 2GL.iNet · GL-MT3000 Beryl AXGL.iNet · GL-MT300N-V2 MangoGL.iNet · GL-MT6000 Flint 2GL.iNet · GL-SFT1200 OpalGL.iNet · GL-X3000 Spitz AXGL.iNet · GL-X300B CollieGL.iNet · GL-X750 SpitzGL.iNet · GL-XE3000 Puli AXGL.iNet · GL-XE300 PuliQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Calling%20a%20special%20API%20that%20doesn't%20require%20login%20and%20passing%20in%20a%20special%20character%20parameter%20results%20in%20100%25%20CPU%20usage.mdhttps://vuldb.com/?ctiid.306286https://vuldb.com/?id.306286https://vuldb.com/?submit.524459https://www.gl-inet.com/security-updates/security-advisories-vulnerabilities-and-cves-apr-24-2025/