github - ghsa-4pmj-f9rj-vppc

ghsa-4pmj-f9rj-vppc

Vulnerability from github

Published

2025-04-26 09:30

Modified

2025-04-26 09:30

Severity ?

8.0 (High) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.6 (High) - CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Details

A vulnerability classified as critical has been found in GL.iNet GL-A1300 Slate Plus, GL-AR300M16 Shadow, GL-AR300M Shadow, GL-AR750 Creta, GL-AR750S-EXT Slate, GL-AX1800 Flint, GL-AXT1800 Slate AX, GL-B1300 Convexa-B, GL-B3000 Marble, GL-BE3600 Slate 7, GL-E750, GL-E750V2 Mudi, GL-MT300N-V2 Mango, GL-MT1300 Beryl, GL-MT2500 Brume 2, GL-MT3000 Beryl AX, GL-MT6000 Flint 2, GL-SFT1200 Opal, GL-X300B Collie, GL-X750 Spitz, GL-X3000 Spitz AX, GL-XE300 Puli and GL-XE3000 Puli AX 4.x. Affected is an unknown function of the file plugins.so of the component RPC Handler. The manipulation leads to buffer overflow. It is recommended to upgrade the affected component.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-2851"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-04-26T08:15:15Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability classified as critical has been found in GL.iNet GL-A1300 Slate Plus, GL-AR300M16 Shadow, GL-AR300M Shadow, GL-AR750 Creta, GL-AR750S-EXT Slate, GL-AX1800 Flint, GL-AXT1800 Slate AX, GL-B1300 Convexa-B, GL-B3000 Marble, GL-BE3600 Slate 7, GL-E750, GL-E750V2 Mudi, GL-MT300N-V2 Mango, GL-MT1300 Beryl, GL-MT2500 Brume 2, GL-MT3000 Beryl AX, GL-MT6000 Flint 2, GL-SFT1200 Opal, GL-X300B Collie, GL-X750 Spitz, GL-X3000 Spitz AX, GL-XE300 Puli and GL-XE3000 Puli AX 4.x. Affected is an unknown function of the file plugins.so of the component RPC Handler. The manipulation leads to buffer overflow. It is recommended to upgrade the affected component.",
  "id": "GHSA-4pmj-f9rj-vppc",
  "modified": "2025-04-26T09:30:23Z",
  "published": "2025-04-26T09:30:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2851"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.306288"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.306288"
    },
    {
      "type": "WEB",
      "url": "https://www.gl-inet.com/security-updates/security-advisories-vulnerabilities-and-cves-apr-24-2025"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

CVE-2025-2851 (GCVE-0-2025-2851)

Vulnerability from cvelistv5

Published

2025-04-26 08:00

Modified

2025-04-28 18:09

Severity ?

8.6 (High) - CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
8.0 (High) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.0 (High) - CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-120 - Buffer Overflow
CWE-119 - Memory Corruption

Summary

References

►

URL

Tags

	https://vuldb.com/?id.306288	vdb-entry
	https://vuldb.com/?ctiid.306288	signature, permissions-required
	https://www.gl-inet.com/security-updates/security-advisories-vulnerabilities-and-cves-apr-24-2025/	patch

Impacted products

Vendor

Product

Version

►

GL.iNet

GL-A1300 Slate Plus

Version: 4.x

GL.iNet	GL-AR300M16 Shadow	Version: 4.x
GL.iNet	GL-AR300M Shadow	Version: 4.x
GL.iNet	GL-AR750 Creta	Version: 4.x
GL.iNet	GL-AR750S-EXT Slate	Version: 4.x
GL.iNet	GL-AX1800 Flint	Version: 4.x
GL.iNet	GL-AXT1800 Slate AX	Version: 4.x
GL.iNet	GL-B1300 Convexa-B	Version: 4.x
GL.iNet	GL-B3000 Marble	Version: 4.x
GL.iNet	GL-BE3600 Slate 7	Version: 4.x
GL.iNet	GL-E750	Version: 4.x
GL.iNet	GL-E750V2 Mudi	Version: 4.x
GL.iNet	GL-MT300N-V2 Mango	Version: 4.x
GL.iNet	GL-MT1300 Beryl	Version: 4.x
GL.iNet	GL-MT2500 Brume 2	Version: 4.x
GL.iNet	GL-MT3000 Beryl AX	Version: 4.x
GL.iNet	GL-MT6000 Flint 2	Version: 4.x
GL.iNet	GL-SFT1200 Opal	Version: 4.x
GL.iNet	GL-X300B Collie	Version: 4.x
GL.iNet	GL-X750 Spitz	Version: 4.x
GL.iNet	GL-X3000 Spitz AX	Version: 4.x
GL.iNet	GL-XE300 Puli	Version: 4.x
GL.iNet	GL-XE3000 Puli AX	Version: 4.x

Show details on NVD website