Home
Description
A command injection vulnerability exists in the GL-iNet GL-AXT1800 router firmware v4.6.8. The vulnerability is present in the `plugins.install_package` RPC method, which fails to properly sanitize user input in package names. Authenticated attackers can exploit this to execute arbitrary commands with root privileges
References
www.gl-inet.com/security-updates/
aleksazatezalo.medium.com/...d81ee51?postPublishedType=repub