WRITEUP #2024

GL.iNET GL-MT300N-V2 Router Vulnerabilities and Hardware Teardown

ReconOS command injectionArbitrary file readInformation disclosureAccount takeoverStored XSSLack of rate limitingWeak credentialsPassword policy bypass

by@olivier_boschko(Olivier Laflamme)

Program

GL.iNet

Published

Oct 26, 2022

Added to HackDex

Oct 28, 2022

Read Full Writeuphttps://boschko.ca/glinet-router/

▸ RELATED WRITEUPS

How 1 Exposed Honeywell API Gave us Control Over an Internal Engineering System

ReconMissing authentication

P3 (Medium) : How I Gain Access To NASA's Internal Workspace?!

ReconInformation disclosure

How I Got Bugs From Google Dorks

ReconInformation disclosure

How I can easily get four P1 at NASA using Simple Google Dorking.

ReconInformation disclosure

$1600 Bounty on a Main Domain

ReconSession fixation

Built with ❤️ by Shubham Rawat