Show plain JSON{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-2850", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2025-03-27T06:21:21.419Z", "datePublished": "2025-04-26T07:31:03.631Z", "dateUpdated": "2025-04-28T18:09:52.772Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-04-26T07:31:03.631Z"}, "title": "GL.iNet GL-A1300 Slate Plus Download Interface improper authorization", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-285", "lang": "en", "description": "Improper Authorization"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-266", "lang": "en", "description": "Incorrect Privilege Assignment"}]}], "affected": [{"vendor": "GL.iNet", "product": "GL-A1300 Slate Plus", "versions": [{"version": "4.x", "status": "affected"}], "modules": ["Download Interface"]}, {"vendor": "GL.iNet", "product": "GL-AR300M16 Shadow", "versions": [{"version": "4.x", "status": "affected"}], "modules": ["Download Interface"]}, {"vendor": "GL.iNet", "product": "GL-AR300M Shadow", "versions": [{"version": "4.x", "status": "affected"}], "modules": ["Download Interface"]}, {"vendor": "GL.iNet", "product": "GL-AR750 Creta", "versions": [{"version": "4.x", "status": "affected"}], "modules": ["Download Interface"]}, {"vendor": "GL.iNet", "product": "GL-AR750S-EXT Slate", "versions": [{"version": "4.x", "status": "affected"}], "modules": ["Download Interface"]}, {"vendor": "GL.iNet", "product": "GL-AX1800 Flint", "versions": [{"version": "4.x", "status": "affected"}], "modules": ["Download Interface"]}, {"vendor": "GL.iNet", "product": "GL-AXT1800 Slate AX", "versions": [{"version": "4.x", "status": "affected"}], "modules": ["Download Interface"]}, {"vendor": "GL.iNet", "product": "GL-B1300 Convexa-B", "versions": [{"version": "4.x", "status": "affected"}], "modules": ["Download Interface"]}, {"vendor": "GL.iNet", "product": "GL-B3000 Marble", "versions": [{"version": "4.x", "status": "affected"}], "modules": ["Download Interface"]}, {"vendor": "GL.iNet", "product": "GL-BE3600 Slate 7", "versions": [{"version": "4.x", "status": "affected"}], "modules": ["Download Interface"]}, {"vendor": "GL.iNet", "product": "GL-E750", "versions": [{"version": "4.x", "status": "affected"}], "modules": ["Download Interface"]}, {"vendor": "GL.iNet", "product": "GL-E750V2 Mudi", "versions": [{"version": "4.x", "status": "affected"}], "modules": ["Download Interface"]}, {"vendor": "GL.iNet", "product": "GL-MT300N-V2 Mango", "versions": [{"version": "4.x", "status": "affected"}], "modules": ["Download Interface"]}, {"vendor": "GL.iNet", "product": "GL-MT1300 Beryl", "versions": [{"version": "4.x", "status": "affected"}], "modules": ["Download Interface"]}, {"vendor": "GL.iNet", "product": "GL-MT2500 Brume 2", "versions": [{"version": "4.x", "status": "affected"}], "modules": ["Download Interface"]}, {"vendor": "GL.iNet", "product": "GL-MT3000 Beryl AX", "versions": [{"version": "4.x", "status": "affected"}], "modules": ["Download Interface"]}, {"vendor": "GL.iNet", "product": "GL-MT6000 Flint 2", "versions": [{"version": "4.x", "status": "affected"}], "modules": ["Download Interface"]}, {"vendor": "GL.iNet", "product": "GL-SFT1200 Opal", "versions": [{"version": "4.x", "status": "affected"}], "modules": ["Download Interface"]}, {"vendor": "GL.iNet", "product": "GL-X300B Collie", "versions": [{"version": "4.x", "status": "affected"}], "modules": ["Download Interface"]}, {"vendor": "GL.iNet", "product": "GL-X750 Spitz", "versions": [{"version": "4.x", "status": "affected"}], "modules": ["Download Interface"]}, {"vendor": "GL.iNet", "product": "GL-X3000 Spitz AX", "versions": [{"version": "4.x", "status": "affected"}], "modules": ["Download Interface"]}, {"vendor": "GL.iNet", "product": "GL-XE300 Puli", "versions": [{"version": "4.x", "status": "affected"}], "modules": ["Download Interface"]}, {"vendor": "GL.iNet", "product": "GL-XE3000 Puli AX", "versions": [{"version": "4.x", "status": "affected"}], "modules": ["Download Interface"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in GL.iNet GL-A1300 Slate Plus, GL-AR300M16 Shadow, GL-AR300M Shadow, GL-AR750 Creta, GL-AR750S-EXT Slate, GL-AX1800 Flint, GL-AXT1800 Slate AX, GL-B1300 Convexa-B, GL-B3000 Marble, GL-BE3600 Slate 7, GL-E750, GL-E750V2 Mudi, GL-MT300N-V2 Mango, GL-MT1300 Beryl, GL-MT2500 Brume 2, GL-MT3000 Beryl AX, GL-MT6000 Flint 2, GL-SFT1200 Opal, GL-X300B Collie, GL-X750 Spitz, GL-X3000 Spitz AX, GL-XE300 Puli and GL-XE3000 Puli AX 4.x. It has been rated as problematic. This issue affects some unknown processing of the component Download Interface. The manipulation leads to improper authorization. It is recommended to upgrade the affected component."}, {"lang": "de", "value": "Eine Schwachstelle wurde in GL.iNet GL-A1300 Slate Plus, GL-AR300M16 Shadow, GL-AR300M Shadow, GL-AR750 Creta, GL-AR750S-EXT Slate, GL-AX1800 Flint, GL-AXT1800 Slate AX, GL-B1300 Convexa-B, GL-B3000 Marble, GL-BE3600 Slate 7, GL-E750, GL-E750V2 Mudi, GL-MT300N-V2 Mango, GL-MT1300 Beryl, GL-MT2500 Brume 2, GL-MT3000 Beryl AX, GL-MT6000 Flint 2, GL-SFT1200 Opal, GL-X300B Collie, GL-X750 Spitz, GL-X3000 Spitz AX, GL-XE300 Puli and GL-XE3000 Puli AX 4.x ausgemacht. Sie wurde als problematisch eingestuft. Dies betrifft einen unbekannten Teil der Komponente Download Interface. Durch die Manipulation mit unbekannten Daten kann eine improper authorization-Schwachstelle ausgenutzt werden. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.1, "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 3.5, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "baseSeverity": "LOW"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.5, "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "baseSeverity": "LOW"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 2.7, "vectorString": "AV:A/AC:L/Au:S/C:P/I:N/A:N"}}], "timeline": [{"time": "2025-04-26T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2025-04-26T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2025-04-26T08:38:33.000Z", "lang": "en", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.306287", "name": "VDB-306287 | GL.iNet GL-A1300 Slate Plus Download Interface improper authorization", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/?ctiid.306287", "name": "VDB-306287 | CTI Indicators (IOB, IOC, TTP)", "tags": ["signature", "permissions-required"]}, {"url": "https://www.gl-inet.com/security-updates/security-advisories-vulnerabilities-and-cves-apr-24-2025/", "tags": ["patch"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-28T18:07:02.103624Z", "id": "CVE-2025-2850", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-28T18:09:52.772Z"}}]}}