SecuriTricks - CVE-2025-2851

Description

A vulnerability classified as critical has been found in GL.iNet GL-A1300 Slate Plus, GL-AR300M16 Shadow, GL-AR300M Shadow, GL-AR750 Creta, GL-AR750S-EXT Slate, GL-AX1800 Flint, GL-AXT1800 Slate AX, GL-B1300 Convexa-B, GL-B3000 Marble, GL-BE3600 Slate 7, GL-E750, GL-E750V2 Mudi, GL-MT300N-V2 Mango, GL-MT1300 Beryl, GL-MT2500 Brume 2, GL-MT3000 Beryl AX, GL-MT6000 Flint 2, GL-SFT1200 Opal, GL-X300B Collie, GL-X750 Spitz, GL-X3000 Spitz AX, GL-XE300 Puli and GL-XE3000 Puli AX 4.x. Affected is an unknown function of the file plugins.so of the component RPC Handler. The manipulation leads to buffer overflow. It is recommended to upgrade the affected component.

Product(s) Impacted

Vendor	Product	Versions
Gl.inet	Gl-a1300 Slate Plus Gl-ar300m16 Shadow Gl-ar300m Shadow Gl-ar750 Creta Gl-ar750s-ext Slate Gl-ax1800 Flint Gl-axt1800 Slate Ax Gl-b1300 Convexa-b Gl-b3000 Marble Gl-be3600 Slate 7 Gl-e750 Gl-e750v2 Mudi Gl-mt300n-v2 Mango Gl-mt1300 Beryl Gl-mt2500 Brume 2 Gl-mt3000 Beryl Ax Gl-mt6000 Flint 2 Gl-sft1200 Opal Gl-x300b Collie Gl-x750 Spitz Gl-x3000 Spitz Ax Gl-xe300 Puli Gl-xe3000 Puli Ax	4.* 4.* 4.* 4.* 4.* 4.* 4.* 4.* 4.* 4.* 4.* 4.* 4.* 4.* 4.* 4.* 4.* 4.* 4.* 4.* 4.* 4.* 4.*

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

*CPE(s)

Affected systems and software identified for this CVE.

Type	Vendor	Product	Version	Update	Edition	Language	Software Edition	Target Software	Target Hardware	Other Information
a	gl.inet	gl-a1300_slate_plus	4.*	/	/	/	/	/	/	/
a	gl.inet	gl-ar300m16_shadow	4.*	/	/	/	/	/	/	/
a	gl.inet	gl-ar300m_shadow	4.*	/	/	/	/	/	/	/
a	gl.inet	gl-ar750_creta	4.*	/	/	/	/	/	/	/
a	gl.inet	gl-ar750s-ext_slate	4.*	/	/	/	/	/	/	/
a	gl.inet	gl-ax1800_flint	4.*	/	/	/	/	/	/	/
a	gl.inet	gl-axt1800_slate_ax	4.*	/	/	/	/	/	/	/
a	gl.inet	gl-b1300_convexa-b	4.*	/	/	/	/	/	/	/
a	gl.inet	gl-b3000_marble	4.*	/	/	/	/	/	/	/
a	gl.inet	gl-be3600_slate_7	4.*	/	/	/	/	/	/	/
a	gl.inet	gl-e750	4.*	/	/	/	/	/	/	/
a	gl.inet	gl-e750v2_mudi	4.*	/	/	/	/	/	/	/
a	gl.inet	gl-mt300n-v2_mango	4.*	/	/	/	/	/	/	/
a	gl.inet	gl-mt1300_beryl	4.*	/	/	/	/	/	/	/
a	gl.inet	gl-mt2500_brume_2	4.*	/	/	/	/	/	/	/
a	gl.inet	gl-mt3000_beryl_ax	4.*	/	/	/	/	/	/	/
a	gl.inet	gl-mt6000_flint_2	4.*	/	/	/	/	/	/	/
a	gl.inet	gl-sft1200_opal	4.*	/	/	/	/	/	/	/
a	gl.inet	gl-x300b_collie	4.*	/	/	/	/	/	/	/
a	gl.inet	gl-x750_spitz	4.*	/	/	/	/	/	/	/
a	gl.inet	gl-x3000_spitz_ax	4.*	/	/	/	/	/	/	/
a	gl.inet	gl-xe300_puli	4.*	/	/	/	/	/	/	/
a	gl.inet	gl-xe3000_puli_ax	4.*	/	/	/	/	/	/	/

References

https://vuldb.com/?ctiid.306288

https://vuldb.com/?id.306288

https://www.gl-inet.com/security-updates/security-advisories-vulnerabilities-and-cves-apr-24-2025/

CVSS Score

8.6 / 10

CVSS Data - 4.0

Attack Vector: ADJACENT
Attack Complexity: LOW
Attack Requirements: NONE
Privileges Required: LOW
User Interaction: NONE
Scope:
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Exploit Maturity: NOT_DEFINED

CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

View Vector String

Timeline

Published: April 26, 2025, 8:15 a.m.
Last Modified: April 26, 2025, 8:15 a.m.

Status : Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

cna@vuldb.com

CVE-2025-2851