CVE-2025-2850 - Vulnerability Details

Link	Providers
https://vuldb.com/?ctiid.306287
https://vuldb.com/?id.306287
https://www.gl-inet.com/security-updates/security-advisories-vulnerabilities-and-cves-apr-24-2025/

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Type	Values Removed	Values Added
Description		A vulnerability was found in GL.iNet GL-A1300 Slate Plus, GL-AR300M16 Shadow, GL-AR300M Shadow, GL-AR750 Creta, GL-AR750S-EXT Slate, GL-AX1800 Flint, GL-AXT1800 Slate AX, GL-B1300 Convexa-B, GL-B3000 Marble, GL-BE3600 Slate 7, GL-E750, GL-E750V2 Mudi, GL-MT300N-V2 Mango, GL-MT1300 Beryl, GL-MT2500 Brume 2, GL-MT3000 Beryl AX, GL-MT6000 Flint 2, GL-SFT1200 Opal, GL-X300B Collie, GL-X750 Spitz, GL-X3000 Spitz AX, GL-XE300 Puli and GL-XE3000 Puli AX 4.x. It has been rated as problematic. This issue affects some unknown processing of the component Download Interface. The manipulation leads to improper authorization. It is recommended to upgrade the affected component.
Title		GL.iNet GL-A1300 Slate Plus Download Interface improper authorization
Weaknesses		CWE-266 CWE-285
References		https://vuldb.com/?ctiid.306287 https://vuldb.com/?id.306287 https://www.gl-inet.com/security-updates/security-advisories-vulnerabilities-and-cves-apr-24-2025/
Metrics		cvssV2_0 `{'score': 2.7, 'vector': 'AV:A/AC:L/Au:S/C:P/I:N/A:N'}` cvssV3_0 `{'score': 3.5, 'vector': 'CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'}` cvssV3_1 `{'score': 3.5, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'}` cvssV4_0 `{'score': 5.1, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N'}`

Show plain JSON

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-2850", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2025-03-27T06:21:21.419Z", "datePublished": "2025-04-26T07:31:03.631Z", "dateUpdated": "2025-04-28T18:09:52.772Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-04-26T07:31:03.631Z"}, "title": "GL.iNet GL-A1300 Slate Plus Download Interface improper authorization", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-285", "lang": "en", "description": "Improper Authorization"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-266", "lang": "en", "description": "Incorrect Privilege Assignment"}]}], "affected": [{"vendor": "GL.iNet", "product": "GL-A1300 Slate Plus", "versions": [{"version": "4.x", "status": "affected"}], "modules": ["Download Interface"]}, {"vendor": "GL.iNet", "product": "GL-AR300M16 Shadow", "versions": [{"version": "4.x", "status": "affected"}], "modules": ["Download Interface"]}, {"vendor": "GL.iNet", "product": "GL-AR300M Shadow", "versions": [{"version": "4.x", "status": "affected"}], "modules": ["Download Interface"]}, {"vendor": "GL.iNet", "product": "GL-AR750 Creta", "versions": [{"version": "4.x", "status": "affected"}], "modules": ["Download Interface"]}, {"vendor": "GL.iNet", "product": "GL-AR750S-EXT Slate", "versions": [{"version": "4.x", "status": "affected"}], "modules": ["Download Interface"]}, {"vendor": "GL.iNet", "product": "GL-AX1800 Flint", "versions": [{"version": "4.x", "status": "affected"}], "modules": ["Download Interface"]}, {"vendor": "GL.iNet", "product": "GL-AXT1800 Slate AX", "versions": [{"version": "4.x", "status": "affected"}], "modules": ["Download Interface"]}, {"vendor": "GL.iNet", "product": "GL-B1300 Convexa-B", "versions": [{"version": "4.x", "status": "affected"}], "modules": ["Download Interface"]}, {"vendor": "GL.iNet", "product": "GL-B3000 Marble", "versions": [{"version": "4.x", "status": "affected"}], "modules": ["Download Interface"]}, {"vendor": "GL.iNet", "product": "GL-BE3600 Slate 7", "versions": [{"version": "4.x", "status": "affected"}], "modules": ["Download Interface"]}, {"vendor": "GL.iNet", "product": "GL-E750", "versions": [{"version": "4.x", "status": "affected"}], "modules": ["Download Interface"]}, {"vendor": "GL.iNet", "product": "GL-E750V2 Mudi", "versions": [{"version": "4.x", "status": "affected"}], "modules": ["Download Interface"]}, {"vendor": "GL.iNet", "product": "GL-MT300N-V2 Mango", "versions": [{"version": "4.x", "status": "affected"}], "modules": ["Download Interface"]}, {"vendor": "GL.iNet", "product": "GL-MT1300 Beryl", "versions": [{"version": "4.x", "status": "affected"}], "modules": ["Download Interface"]}, {"vendor": "GL.iNet", "product": "GL-MT2500 Brume 2", "versions": [{"version": "4.x", "status": "affected"}], "modules": ["Download Interface"]}, {"vendor": "GL.iNet", "product": "GL-MT3000 Beryl AX", "versions": [{"version": "4.x", "status": "affected"}], "modules": ["Download Interface"]}, {"vendor": "GL.iNet", "product": "GL-MT6000 Flint 2", "versions": [{"version": "4.x", "status": "affected"}], "modules": ["Download Interface"]}, {"vendor": "GL.iNet", "product": "GL-SFT1200 Opal", "versions": [{"version": "4.x", "status": "affected"}], "modules": ["Download Interface"]}, {"vendor": "GL.iNet", "product": "GL-X300B Collie", "versions": [{"version": "4.x", "status": "affected"}], "modules": ["Download Interface"]}, {"vendor": "GL.iNet", "product": "GL-X750 Spitz", "versions": [{"version": "4.x", "status": "affected"}], "modules": ["Download Interface"]}, {"vendor": "GL.iNet", "product": "GL-X3000 Spitz AX", "versions": [{"version": "4.x", "status": "affected"}], "modules": ["Download Interface"]}, {"vendor": "GL.iNet", "product": "GL-XE300 Puli", "versions": [{"version": "4.x", "status": "affected"}], "modules": ["Download Interface"]}, {"vendor": "GL.iNet", "product": "GL-XE3000 Puli AX", "versions": [{"version": "4.x", "status": "affected"}], "modules": ["Download Interface"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in GL.iNet GL-A1300 Slate Plus, GL-AR300M16 Shadow, GL-AR300M Shadow, GL-AR750 Creta, GL-AR750S-EXT Slate, GL-AX1800 Flint, GL-AXT1800 Slate AX, GL-B1300 Convexa-B, GL-B3000 Marble, GL-BE3600 Slate 7, GL-E750, GL-E750V2 Mudi, GL-MT300N-V2 Mango, GL-MT1300 Beryl, GL-MT2500 Brume 2, GL-MT3000 Beryl AX, GL-MT6000 Flint 2, GL-SFT1200 Opal, GL-X300B Collie, GL-X750 Spitz, GL-X3000 Spitz AX, GL-XE300 Puli and GL-XE3000 Puli AX 4.x. It has been rated as problematic. This issue affects some unknown processing of the component Download Interface. The manipulation leads to improper authorization. It is recommended to upgrade the affected component."}, {"lang": "de", "value": "Eine Schwachstelle wurde in GL.iNet GL-A1300 Slate Plus, GL-AR300M16 Shadow, GL-AR300M Shadow, GL-AR750 Creta, GL-AR750S-EXT Slate, GL-AX1800 Flint, GL-AXT1800 Slate AX, GL-B1300 Convexa-B, GL-B3000 Marble, GL-BE3600 Slate 7, GL-E750, GL-E750V2 Mudi, GL-MT300N-V2 Mango, GL-MT1300 Beryl, GL-MT2500 Brume 2, GL-MT3000 Beryl AX, GL-MT6000 Flint 2, GL-SFT1200 Opal, GL-X300B Collie, GL-X750 Spitz, GL-X3000 Spitz AX, GL-XE300 Puli and GL-XE3000 Puli AX 4.x ausgemacht. Sie wurde als problematisch eingestuft. Dies betrifft einen unbekannten Teil der Komponente Download Interface. Durch die Manipulation mit unbekannten Daten kann eine improper authorization-Schwachstelle ausgenutzt werden. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.1, "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 3.5, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "baseSeverity": "LOW"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.5, "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "baseSeverity": "LOW"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 2.7, "vectorString": "AV:A/AC:L/Au:S/C:P/I:N/A:N"}}], "timeline": [{"time": "2025-04-26T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2025-04-26T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2025-04-26T08:38:33.000Z", "lang": "en", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.306287", "name": "VDB-306287 | GL.iNet GL-A1300 Slate Plus Download Interface improper authorization", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/?ctiid.306287", "name": "VDB-306287 | CTI Indicators (IOB, IOC, TTP)", "tags": ["signature", "permissions-required"]}, {"url": "https://www.gl-inet.com/security-updates/security-advisories-vulnerabilities-and-cves-apr-24-2025/", "tags": ["patch"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-28T18:07:02.103624Z", "id": "CVE-2025-2850", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-28T18:09:52.772Z"}}]}}

{

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

cveMetadata : { »

cveId : CVE-2025-2850 (string)

assignerOrgId : 1af790b2-7ee1-4545-860a-a788eba489b5 (string)

state : PUBLISHED (string)

assignerShortName : VulDB (string)

dateReserved : 2025-03-27T06:21:21.419Z (string)

datePublished : 2025-04-26T07:31:03.631Z (string)

dateUpdated : 2025-04-28T18:09:52.772Z (string)

}

containers : { »

cna : { »

providerMetadata : { »

orgId : 1af790b2-7ee1-4545-860a-a788eba489b5 (string)

shortName : VulDB (string)

dateUpdated : 2025-04-26T07:31:03.631Z (string)

}

title : GL.iNet GL-A1300 Slate Plus Download Interface improper authorization (string)

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

type : CWE (string)

cweId : CWE-285 (string)

lang : en (string)

description : Improper Authorization (string)

}

]

}

1 : { »

descriptions : [ »

0 : { »

type : CWE (string)

cweId : CWE-266 (string)

lang : en (string)

description : Incorrect Privilege Assignment (string)

}

]

}

]

affected : [ »

0 : { »

vendor : GL.iNet (string)

product : GL-A1300 Slate Plus (string)

versions : [ »

0 : { »

version : 4.x (string)

status : affected (string)

}

]

modules : [ »

0 : Download Interface (string)

]

}

1 : { »

vendor : GL.iNet (string)

product : GL-AR300M16 Shadow (string)

versions : [ »

0 : { »

version : 4.x (string)

status : affected (string)

}

]

modules : [ »

0 : Download Interface (string)

]

}

2 : { »

vendor : GL.iNet (string)

product : GL-AR300M Shadow (string)

versions : [ »

0 : { »

version : 4.x (string)

status : affected (string)

}

]

modules : [ »

0 : Download Interface (string)

]

}

3 : { »

vendor : GL.iNet (string)

product : GL-AR750 Creta (string)

versions : [ »

0 : { »

version : 4.x (string)

status : affected (string)

}

]

modules : [ »

0 : Download Interface (string)

]

}

4 : { »

vendor : GL.iNet (string)

product : GL-AR750S-EXT Slate (string)

versions : [ »

0 : { »

version : 4.x (string)

status : affected (string)

}

]

modules : [ »

0 : Download Interface (string)

]

}

5 : { »

vendor : GL.iNet (string)

product : GL-AX1800 Flint (string)

versions : [ »

0 : { »

version : 4.x (string)

status : affected (string)

}

]

modules : [ »

0 : Download Interface (string)

]

}

6 : { »

vendor : GL.iNet (string)

product : GL-AXT1800 Slate AX (string)

versions : [ »

0 : { »

version : 4.x (string)

status : affected (string)

}

]

modules : [ »

0 : Download Interface (string)

]

}

7 : { »

vendor : GL.iNet (string)

product : GL-B1300 Convexa-B (string)

versions : [ »

0 : { »

version : 4.x (string)

status : affected (string)

}

]

modules : [ »

0 : Download Interface (string)

]

}

8 : { »

vendor : GL.iNet (string)

product : GL-B3000 Marble (string)

versions : [ »

0 : { »

version : 4.x (string)

status : affected (string)

}

]

modules : [ »

0 : Download Interface (string)

]

}

9 : { »

vendor : GL.iNet (string)

product : GL-BE3600 Slate 7 (string)

versions : [ »

0 : { »

version : 4.x (string)

status : affected (string)

}

]

modules : [ »

0 : Download Interface (string)

]

}

10 : { »

vendor : GL.iNet (string)

product : GL-E750 (string)

versions : [ »

0 : { »

version : 4.x (string)

status : affected (string)

}

]

modules : [ »

0 : Download Interface (string)

]

}

11 : { »

vendor : GL.iNet (string)

product : GL-E750V2 Mudi (string)

versions : [ »

0 : { »

version : 4.x (string)

status : affected (string)

}

]

modules : [ »

0 : Download Interface (string)

]

}

12 : { »

vendor : GL.iNet (string)

product : GL-MT300N-V2 Mango (string)

versions : [ »

0 : { »

version : 4.x (string)

status : affected (string)

}

]

modules : [ »

0 : Download Interface (string)

]

}

13 : { »

vendor : GL.iNet (string)

product : GL-MT1300 Beryl (string)

versions : [ »

0 : { »

version : 4.x (string)

status : affected (string)

}

]

modules : [ »

0 : Download Interface (string)

]

}

14 : { »

vendor : GL.iNet (string)

product : GL-MT2500 Brume 2 (string)

versions : [ »

0 : { »

version : 4.x (string)

status : affected (string)

}

]

modules : [ »

0 : Download Interface (string)

]

}

15 : { »

vendor : GL.iNet (string)

product : GL-MT3000 Beryl AX (string)

versions : [ »

0 : { »

version : 4.x (string)

status : affected (string)

}

]

modules : [ »

0 : Download Interface (string)

]

}

16 : { »

vendor : GL.iNet (string)

product : GL-MT6000 Flint 2 (string)

versions : [ »

0 : { »

version : 4.x (string)

status : affected (string)

}

]

modules : [ »

0 : Download Interface (string)

]

}

17 : { »

vendor : GL.iNet (string)

product : GL-SFT1200 Opal (string)

versions : [ »

0 : { »

version : 4.x (string)

status : affected (string)

}

]

modules : [ »

0 : Download Interface (string)

]

}

18 : { »

vendor : GL.iNet (string)

product : GL-X300B Collie (string)

versions : [ »

0 : { »

version : 4.x (string)

status : affected (string)

}

]

modules : [ »

0 : Download Interface (string)

]

}

19 : { »

vendor : GL.iNet (string)

product : GL-X750 Spitz (string)

versions : [ »

0 : { »

version : 4.x (string)

status : affected (string)

}

]

modules : [ »

0 : Download Interface (string)

]

}

20 : { »

vendor : GL.iNet (string)

product : GL-X3000 Spitz AX (string)

versions : [ »

0 : { »

version : 4.x (string)

status : affected (string)

}

]

modules : [ »

0 : Download Interface (string)

]

}

21 : { »

vendor : GL.iNet (string)

product : GL-XE300 Puli (string)

versions : [ »

0 : { »

version : 4.x (string)

status : affected (string)

}

]

modules : [ »

0 : Download Interface (string)

]

}

22 : { »

vendor : GL.iNet (string)

product : GL-XE3000 Puli AX (string)

versions : [ »

0 : { »

version : 4.x (string)

status : affected (string)

}

]

modules : [ »

0 : Download Interface (string)

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : A vulnerability was found in GL.iNet GL-A1300 Slate Plus, GL-AR300M16 Shadow, GL-AR300M Shadow, GL-AR750 Creta, GL-AR750S-EXT Slate, GL-AX1800 Flint, GL-AXT1800 Slate AX, GL-B1300 Convexa-B, GL-B3000 Marble, GL-BE3600 Slate 7, GL-E750, GL-E750V2 Mudi, GL-MT300N-V2 Mango, GL-MT1300 Beryl, GL-MT2500 Brume 2, GL-MT3000 Beryl AX, GL-MT6000 Flint 2, GL-SFT1200 Opal, GL-X300B Collie, GL-X750 Spitz, GL-X3000 Spitz AX, GL-XE300 Puli and GL-XE3000 Puli AX 4.x. It has been rated as problematic. This issue affects some unknown processing of the component Download Interface. The manipulation leads to improper authorization. It is recommended to upgrade the affected component. (string)

}

1 : { »

lang : de (string)

value : Eine Schwachstelle wurde in GL.iNet GL-A1300 Slate Plus, GL-AR300M16 Shadow, GL-AR300M Shadow, GL-AR750 Creta, GL-AR750S-EXT Slate, GL-AX1800 Flint, GL-AXT1800 Slate AX, GL-B1300 Convexa-B, GL-B3000 Marble, GL-BE3600 Slate 7, GL-E750, GL-E750V2 Mudi, GL-MT300N-V2 Mango, GL-MT1300 Beryl, GL-MT2500 Brume 2, GL-MT3000 Beryl AX, GL-MT6000 Flint 2, GL-SFT1200 Opal, GL-X300B Collie, GL-X750 Spitz, GL-X3000 Spitz AX, GL-XE300 Puli and GL-XE3000 Puli AX 4.x ausgemacht. Sie wurde als problematisch eingestuft. Dies betrifft einen unbekannten Teil der Komponente Download Interface. Durch die Manipulation mit unbekannten Daten kann eine improper authorization-Schwachstelle ausgenutzt werden. Als bestmögliche Massnahme wird das Einspielen eines Upgrades empfohlen. (string)

}

]

metrics : [ »

0 : { »

cvssV4_0 : { »

version : 4.0 (string)

baseScore : 5.1 (number)

vectorString : CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N (string)

baseSeverity : MEDIUM (string)

}

1 : { »

cvssV3_1 : { »

version : 3.1 (string)

baseScore : 3.5 (number)

vectorString : CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N (string)

baseSeverity : LOW (string)

}

2 : { »

cvssV3_0 : { »

version : 3.0 (string)

baseScore : 3.5 (number)

vectorString : CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N (string)

baseSeverity : LOW (string)

}

3 : { »

cvssV2_0 : { »

version : 2.0 (string)

baseScore : 2.7 (number)

vectorString : AV:A/AC:L/Au:S/C:P/I:N/A:N (string)

}

]

timeline : [ »

0 : { »

time : 2025-04-26T00:00:00.000Z (string)

lang : en (string)

value : Advisory disclosed (string)

}

1 : { »

time : 2025-04-26T02:00:00.000Z (string)

lang : en (string)

value : VulDB entry created (string)

}

2 : { »

time : 2025-04-26T08:38:33.000Z (string)

lang : en (string)

value : VulDB entry last update (string)

}

]

references : [ »

0 : { »

url : https://vuldb.com/?id.306287 (string)

name : VDB-306287 | GL.iNet GL-A1300 Slate Plus Download Interface improper authorization (string)

tags : [ »

0 : vdb-entry (string)

]

}

1 : { »

url : https://vuldb.com/?ctiid.306287 (string)

name : VDB-306287 | CTI Indicators (IOB, IOC, TTP) (string)

tags : [ »

0 : signature (string)

1 : permissions-required (string)

]

}

2 : { »

url : https://www.gl-inet.com/security-updates/security-advisories-vulnerabilities-and-cves-apr-24-2025/ (string)

tags : [ »

0 : patch (string)

]

}

]

}

adp : [ »

0 : { »

metrics : [ »

0 : { »

other : { »

type : ssvc (string)

content : { »

timestamp : 2025-04-28T18:07:02.103624Z (string)

id : CVE-2025-2850 (string)

options : [ »

0 : { »

Exploitation : none (string)

}

1 : { »

Automatable : no (string)

}

2 : { »

Technical Impact : partial (string)

}

]

role : CISA Coordinator (string)

version : 2.0.3 (string)

}

]

title : CISA ADP Vulnrichment (string)

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2025-04-28T18:09:52.772Z (string)

}

]

}

Show plain JSON

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-2850", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-28T18:07:02.103624Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-28T18:07:08.584Z"}}], "cna": {"title": "GL.iNet GL-A1300 Slate Plus Download Interface improper authorization", "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 3.5, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.5, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 2.7, "vectorString": "AV:A/AC:L/Au:S/C:P/I:N/A:N"}}], "affected": [{"vendor": "GL.iNet", "modules": ["Download Interface"], "product": "GL-A1300 Slate Plus", "versions": [{"status": "affected", "version": "4.x"}]}, {"vendor": "GL.iNet", "modules": ["Download Interface"], "product": "GL-AR300M16 Shadow", "versions": [{"status": "affected", "version": "4.x"}]}, {"vendor": "GL.iNet", "modules": ["Download Interface"], "product": "GL-AR300M Shadow", "versions": [{"status": "affected", "version": "4.x"}]}, {"vendor": "GL.iNet", "modules": ["Download Interface"], "product": "GL-AR750 Creta", "versions": [{"status": "affected", "version": "4.x"}]}, {"vendor": "GL.iNet", "modules": ["Download Interface"], "product": "GL-AR750S-EXT Slate", "versions": [{"status": "affected", "version": "4.x"}]}, {"vendor": "GL.iNet", "modules": ["Download Interface"], "product": "GL-AX1800 Flint", "versions": [{"status": "affected", "version": "4.x"}]}, {"vendor": "GL.iNet", "modules": ["Download Interface"], "product": "GL-AXT1800 Slate AX", "versions": [{"status": "affected", "version": "4.x"}]}, {"vendor": "GL.iNet", "modules": ["Download Interface"], "product": "GL-B1300 Convexa-B", "versions": [{"status": "affected", "version": "4.x"}]}, {"vendor": "GL.iNet", "modules": ["Download Interface"], "product": "GL-B3000 Marble", "versions": [{"status": "affected", "version": "4.x"}]}, {"vendor": "GL.iNet", "modules": ["Download Interface"], "product": "GL-BE3600 Slate 7", "versions": [{"status": "affected", "version": "4.x"}]}, {"vendor": "GL.iNet", "modules": ["Download Interface"], "product": "GL-E750", "versions": [{"status": "affected", "version": "4.x"}]}, {"vendor": "GL.iNet", "modules": ["Download Interface"], "product": "GL-E750V2 Mudi", "versions": [{"status": "affected", "version": "4.x"}]}, {"vendor": "GL.iNet", "modules": ["Download Interface"], "product": "GL-MT300N-V2 Mango", "versions": [{"status": "affected", "version": "4.x"}]}, {"vendor": "GL.iNet", "modules": ["Download Interface"], "product": "GL-MT1300 Beryl", "versions": [{"status": "affected", "version": "4.x"}]}, {"vendor": "GL.iNet", "modules": ["Download Interface"], "product": "GL-MT2500 Brume 2", "versions": [{"status": "affected", "version": "4.x"}]}, {"vendor": "GL.iNet", "modules": ["Download Interface"], "product": "GL-MT3000 Beryl AX", "versions": [{"status": "affected", "version": "4.x"}]}, {"vendor": "GL.iNet", "modules": ["Download Interface"], "product": "GL-MT6000 Flint 2", "versions": [{"status": "affected", "version": "4.x"}]}, {"vendor": "GL.iNet", "modules": ["Download Interface"], "product": "GL-SFT1200 Opal", "versions": [{"status": "affected", "version": "4.x"}]}, {"vendor": "GL.iNet", "modules": ["Download Interface"], "product": "GL-X300B Collie", "versions": [{"status": "affected", "version": "4.x"}]}, {"vendor": "GL.iNet", "modules": ["Download Interface"], "product": "GL-X750 Spitz", "versions": [{"status": "affected", "version": "4.x"}]}, {"vendor": "GL.iNet", "modules": ["Download Interface"], "product": "GL-X3000 Spitz AX", "versions": [{"status": "affected", "version": "4.x"}]}, {"vendor": "GL.iNet", "modules": ["Download Interface"], "product": "GL-XE300 Puli", "versions": [{"status": "affected", "version": "4.x"}]}, {"vendor": "GL.iNet", "modules": ["Download Interface"], "product": "GL-XE3000 Puli AX", "versions": [{"status": "affected", "version": "4.x"}]}], "timeline": [{"lang": "en", "time": "2025-04-26T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2025-04-26T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2025-04-26T08:38:33.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.306287", "name": "VDB-306287 | GL.iNet GL-A1300 Slate Plus Download Interface improper authorization", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/?ctiid.306287", "name": "VDB-306287 | CTI Indicators (IOB, IOC, TTP)", "tags": ["signature", "permissions-required"]}, {"url": "https://www.gl-inet.com/security-updates/security-advisories-vulnerabilities-and-cves-apr-24-2025/", "tags": ["patch"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in GL.iNet GL-A1300 Slate Plus, GL-AR300M16 Shadow, GL-AR300M Shadow, GL-AR750 Creta, GL-AR750S-EXT Slate, GL-AX1800 Flint, GL-AXT1800 Slate AX, GL-B1300 Convexa-B, GL-B3000 Marble, GL-BE3600 Slate 7, GL-E750, GL-E750V2 Mudi, GL-MT300N-V2 Mango, GL-MT1300 Beryl, GL-MT2500 Brume 2, GL-MT3000 Beryl AX, GL-MT6000 Flint 2, GL-SFT1200 Opal, GL-X300B Collie, GL-X750 Spitz, GL-X3000 Spitz AX, GL-XE300 Puli and GL-XE3000 Puli AX 4.x. It has been rated as problematic. This issue affects some unknown processing of the component Download Interface. The manipulation leads to improper authorization. It is recommended to upgrade the affected component."}, {"lang": "de", "value": "Eine Schwachstelle wurde in GL.iNet GL-A1300 Slate Plus, GL-AR300M16 Shadow, GL-AR300M Shadow, GL-AR750 Creta, GL-AR750S-EXT Slate, GL-AX1800 Flint, GL-AXT1800 Slate AX, GL-B1300 Convexa-B, GL-B3000 Marble, GL-BE3600 Slate 7, GL-E750, GL-E750V2 Mudi, GL-MT300N-V2 Mango, GL-MT1300 Beryl, GL-MT2500 Brume 2, GL-MT3000 Beryl AX, GL-MT6000 Flint 2, GL-SFT1200 Opal, GL-X300B Collie, GL-X750 Spitz, GL-X3000 Spitz AX, GL-XE300 Puli and GL-XE3000 Puli AX 4.x ausgemacht. Sie wurde als problematisch eingestuft. Dies betrifft einen unbekannten Teil der Komponente Download Interface. Durch die Manipulation mit unbekannten Daten kann eine improper authorization-Schwachstelle ausgenutzt werden. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-285", "description": "Improper Authorization"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-266", "description": "Incorrect Privilege Assignment"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-04-26T07:31:03.631Z"}}}, "cveMetadata": {"cveId": "CVE-2025-2850", "state": "PUBLISHED", "dateUpdated": "2025-04-28T18:09:52.772Z", "dateReserved": "2025-03-27T06:21:21.419Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2025-04-26T07:31:03.631Z", "assignerShortName": "VulDB"}, "dataVersion": "5.1"}

{

dataType : CVE_RECORD (string)

containers : { »

adp : [ »

0 : { »

title : CISA ADP Vulnrichment (string)

metrics : [ »

0 : { »

other : { »

type : ssvc (string)

content : { »

id : CVE-2025-2850 (string)

role : CISA Coordinator (string)

options : [ »

0 : { »

Exploitation : none (string)

}

1 : { »

Automatable : no (string)

}

2 : { »

Technical Impact : partial (string)

}

]

version : 2.0.3 (string)

timestamp : 2025-04-28T18:07:02.103624Z (string)

}

]

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2025-04-28T18:07:08.584Z (string)

}

]

cna : { »

title : GL.iNet GL-A1300 Slate Plus Download Interface improper authorization (string)

metrics : [ »

0 : { »

cvssV4_0 : { »

version : 4.0 (string)

baseScore : 5.1 (number)

baseSeverity : MEDIUM (string)

vectorString : CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N (string)

}

1 : { »

cvssV3_1 : { »

version : 3.1 (string)

baseScore : 3.5 (number)

baseSeverity : LOW (string)

vectorString : CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N (string)

}

2 : { »

cvssV3_0 : { »

version : 3.0 (string)

baseScore : 3.5 (number)

baseSeverity : LOW (string)

vectorString : CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N (string)

}

3 : { »

cvssV2_0 : { »

version : 2.0 (string)

baseScore : 2.7 (number)

vectorString : AV:A/AC:L/Au:S/C:P/I:N/A:N (string)

}

]

affected : [ »

0 : { »

vendor : GL.iNet (string)

modules : [ »

0 : Download Interface (string)

]

product : GL-A1300 Slate Plus (string)

versions : [ »

0 : { »

status : affected (string)

version : 4.x (string)

}

]

}

1 : { »

vendor : GL.iNet (string)

modules : [ »

0 : Download Interface (string)

]

product : GL-AR300M16 Shadow (string)

versions : [ »

0 : { »

status : affected (string)

version : 4.x (string)

}

]

}

2 : { »

vendor : GL.iNet (string)

modules : [ »

0 : Download Interface (string)

]

product : GL-AR300M Shadow (string)

versions : [ »

0 : { »

status : affected (string)

version : 4.x (string)

}

]

}

3 : { »

vendor : GL.iNet (string)

modules : [ »

0 : Download Interface (string)

]

product : GL-AR750 Creta (string)

versions : [ »

0 : { »

status : affected (string)

version : 4.x (string)

}

]

}

4 : { »

vendor : GL.iNet (string)

modules : [ »

0 : Download Interface (string)

]

product : GL-AR750S-EXT Slate (string)

versions : [ »

0 : { »

status : affected (string)

version : 4.x (string)

}

]

}

5 : { »

vendor : GL.iNet (string)

modules : [ »

0 : Download Interface (string)

]

product : GL-AX1800 Flint (string)

versions : [ »

0 : { »

status : affected (string)

version : 4.x (string)

}

]

}

6 : { »

vendor : GL.iNet (string)

modules : [ »

0 : Download Interface (string)

]

product : GL-AXT1800 Slate AX (string)

versions : [ »

0 : { »

status : affected (string)

version : 4.x (string)

}

]

}

7 : { »

vendor : GL.iNet (string)

modules : [ »

0 : Download Interface (string)

]

product : GL-B1300 Convexa-B (string)

versions : [ »

0 : { »

status : affected (string)

version : 4.x (string)

}

]

}

8 : { »

vendor : GL.iNet (string)

modules : [ »

0 : Download Interface (string)

]

product : GL-B3000 Marble (string)

versions : [ »

0 : { »

status : affected (string)

version : 4.x (string)

}

]

}

9 : { »

vendor : GL.iNet (string)

modules : [ »

0 : Download Interface (string)

]

product : GL-BE3600 Slate 7 (string)

versions : [ »

0 : { »

status : affected (string)

version : 4.x (string)

}

]

}

10 : { »

vendor : GL.iNet (string)

modules : [ »

0 : Download Interface (string)

]

product : GL-E750 (string)

versions : [ »

0 : { »

status : affected (string)

version : 4.x (string)

}

]

}

11 : { »

vendor : GL.iNet (string)

modules : [ »

0 : Download Interface (string)

]

product : GL-E750V2 Mudi (string)

versions : [ »

0 : { »

status : affected (string)

version : 4.x (string)

}

]

}

12 : { »

vendor : GL.iNet (string)

modules : [ »

0 : Download Interface (string)

]

product : GL-MT300N-V2 Mango (string)

versions : [ »

0 : { »

status : affected (string)

version : 4.x (string)

}

]

}

13 : { »

vendor : GL.iNet (string)

modules : [ »

0 : Download Interface (string)

]

product : GL-MT1300 Beryl (string)

versions : [ »

0 : { »

status : affected (string)

version : 4.x (string)

}

]

}

14 : { »

vendor : GL.iNet (string)

modules : [ »

0 : Download Interface (string)

]

product : GL-MT2500 Brume 2 (string)

versions : [ »

0 : { »

status : affected (string)

version : 4.x (string)

}

]

}

15 : { »

vendor : GL.iNet (string)

modules : [ »

0 : Download Interface (string)

]

product : GL-MT3000 Beryl AX (string)

versions : [ »

0 : { »

status : affected (string)

version : 4.x (string)

}

]

}

16 : { »

vendor : GL.iNet (string)

modules : [ »

0 : Download Interface (string)

]

product : GL-MT6000 Flint 2 (string)

versions : [ »

0 : { »

status : affected (string)

version : 4.x (string)

}

]

}

17 : { »

vendor : GL.iNet (string)

modules : [ »

0 : Download Interface (string)

]

product : GL-SFT1200 Opal (string)

versions : [ »

0 : { »

status : affected (string)

version : 4.x (string)

}

]

}

18 : { »

vendor : GL.iNet (string)

modules : [ »

0 : Download Interface (string)

]

product : GL-X300B Collie (string)

versions : [ »

0 : { »

status : affected (string)

version : 4.x (string)

}

]

}

19 : { »

vendor : GL.iNet (string)

modules : [ »

0 : Download Interface (string)

]

product : GL-X750 Spitz (string)

versions : [ »

0 : { »

status : affected (string)

version : 4.x (string)

}

]

}

20 : { »

vendor : GL.iNet (string)

modules : [ »

0 : Download Interface (string)

]

product : GL-X3000 Spitz AX (string)

versions : [ »

0 : { »

status : affected (string)

version : 4.x (string)

}

]

}

21 : { »

vendor : GL.iNet (string)

modules : [ »

0 : Download Interface (string)

]

product : GL-XE300 Puli (string)

versions : [ »

0 : { »

status : affected (string)

version : 4.x (string)

}

]

}

22 : { »

vendor : GL.iNet (string)

modules : [ »

0 : Download Interface (string)

]

product : GL-XE3000 Puli AX (string)

versions : [ »

0 : { »

status : affected (string)

version : 4.x (string)

}

]

}

]

timeline : [ »

0 : { »

lang : en (string)

time : 2025-04-26T00:00:00.000Z (string)

value : Advisory disclosed (string)

}

1 : { »

lang : en (string)

time : 2025-04-26T02:00:00.000Z (string)

value : VulDB entry created (string)

}

2 : { »

lang : en (string)

time : 2025-04-26T08:38:33.000Z (string)

value : VulDB entry last update (string)

}

]

references : [ »

0 : { »

url : https://vuldb.com/?id.306287 (string)

name : VDB-306287 | GL.iNet GL-A1300 Slate Plus Download Interface improper authorization (string)

tags : [ »

0 : vdb-entry (string)

]

}

1 : { »

url : https://vuldb.com/?ctiid.306287 (string)

name : VDB-306287 | CTI Indicators (IOB, IOC, TTP) (string)

tags : [ »

0 : signature (string)

1 : permissions-required (string)

]

}

2 : { »

url : https://www.gl-inet.com/security-updates/security-advisories-vulnerabilities-and-cves-apr-24-2025/ (string)

tags : [ »

0 : patch (string)

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : A vulnerability was found in GL.iNet GL-A1300 Slate Plus, GL-AR300M16 Shadow, GL-AR300M Shadow, GL-AR750 Creta, GL-AR750S-EXT Slate, GL-AX1800 Flint, GL-AXT1800 Slate AX, GL-B1300 Convexa-B, GL-B3000 Marble, GL-BE3600 Slate 7, GL-E750, GL-E750V2 Mudi, GL-MT300N-V2 Mango, GL-MT1300 Beryl, GL-MT2500 Brume 2, GL-MT3000 Beryl AX, GL-MT6000 Flint 2, GL-SFT1200 Opal, GL-X300B Collie, GL-X750 Spitz, GL-X3000 Spitz AX, GL-XE300 Puli and GL-XE3000 Puli AX 4.x. It has been rated as problematic. This issue affects some unknown processing of the component Download Interface. The manipulation leads to improper authorization. It is recommended to upgrade the affected component. (string)

}

1 : { »

lang : de (string)

value : Eine Schwachstelle wurde in GL.iNet GL-A1300 Slate Plus, GL-AR300M16 Shadow, GL-AR300M Shadow, GL-AR750 Creta, GL-AR750S-EXT Slate, GL-AX1800 Flint, GL-AXT1800 Slate AX, GL-B1300 Convexa-B, GL-B3000 Marble, GL-BE3600 Slate 7, GL-E750, GL-E750V2 Mudi, GL-MT300N-V2 Mango, GL-MT1300 Beryl, GL-MT2500 Brume 2, GL-MT3000 Beryl AX, GL-MT6000 Flint 2, GL-SFT1200 Opal, GL-X300B Collie, GL-X750 Spitz, GL-X3000 Spitz AX, GL-XE300 Puli and GL-XE3000 Puli AX 4.x ausgemacht. Sie wurde als problematisch eingestuft. Dies betrifft einen unbekannten Teil der Komponente Download Interface. Durch die Manipulation mit unbekannten Daten kann eine improper authorization-Schwachstelle ausgenutzt werden. Als bestmögliche Massnahme wird das Einspielen eines Upgrades empfohlen. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

lang : en (string)

type : CWE (string)

cweId : CWE-285 (string)

description : Improper Authorization (string)

}

]

}

1 : { »

descriptions : [ »

0 : { »

lang : en (string)

type : CWE (string)

cweId : CWE-266 (string)

description : Incorrect Privilege Assignment (string)

}

]

}

]

providerMetadata : { »

orgId : 1af790b2-7ee1-4545-860a-a788eba489b5 (string)

shortName : VulDB (string)

dateUpdated : 2025-04-26T07:31:03.631Z (string)

}

cveMetadata : { »

cveId : CVE-2025-2850 (string)

state : PUBLISHED (string)

dateUpdated : 2025-04-28T18:09:52.772Z (string)

dateReserved : 2025-03-27T06:21:21.419Z (string)

assignerOrgId : 1af790b2-7ee1-4545-860a-a788eba489b5 (string)

datePublished : 2025-04-26T07:31:03.631Z (string)

assignerShortName : VulDB (string)

}

dataVersion : 5.1 (string)

}

Show plain JSON

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was found in GL.iNet GL-A1300 Slate Plus, GL-AR300M16 Shadow, GL-AR300M Shadow, GL-AR750 Creta, GL-AR750S-EXT Slate, GL-AX1800 Flint, GL-AXT1800 Slate AX, GL-B1300 Convexa-B, GL-B3000 Marble, GL-BE3600 Slate 7, GL-E750, GL-E750V2 Mudi, GL-MT300N-V2 Mango, GL-MT1300 Beryl, GL-MT2500 Brume 2, GL-MT3000 Beryl AX, GL-MT6000 Flint 2, GL-SFT1200 Opal, GL-X300B Collie, GL-X750 Spitz, GL-X3000 Spitz AX, GL-XE300 Puli and GL-XE3000 Puli AX 4.x. It has been rated as problematic. This issue affects some unknown processing of the component Download Interface. The manipulation leads to improper authorization. It is recommended to upgrade the affected component."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad en GL.iNet GL-A1300 Slate Plus, GL-AR300M16 Shadow, GL-AR300M Shadow, GL-AR750 Creta, GL-AR750S-EXT Slate, GL-AX1800 Flint, GL-AXT1800 Slate AX, GL-B1300 Convexa-B, GL-B3000 Marble, GL-BE3600 Slate 7, GL-E750, GL-E750V2 Mudi, GL-MT300N-V2 Mango, GL-MT1300 Beryl, GL-MT2500 Brume 2, GL-MT3000 Beryl AX, GL-MT6000 Flint 2, GL-SFT1200 Opal, GL-X300B Collie, GL-X750 Spitz, GL-X3000 Spitz AX. GL-XE300 Puli y GL-XE3000 Puli AX 4.x. Se ha clasificado como problem\u00e1tico. Este problema afecta a un procesamiento desconocido del componente Interfaz de Descarga. Esta manipulaci\u00f3n provoca una autorizaci\u00f3n incorrecta. Se recomienda actualizar el componente afectado."}], "id": "CVE-2025-2850", "lastModified": "2025-04-29T13:52:10.697", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 2.7, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:A/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 5.1, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "ADJACENT", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2025-04-26T08:15:14.500", "references": [{"source": "cna@vuldb.com", "url": "https://vuldb.com/?ctiid.306287"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?id.306287"}, {"source": "cna@vuldb.com", "url": "https://www.gl-inet.com/security-updates/security-advisories-vulnerabilities-and-cves-apr-24-2025/"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-266"}, {"lang": "en", "value": "CWE-285"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : A vulnerability was found in GL.iNet GL-A1300 Slate Plus, GL-AR300M16 Shadow, GL-AR300M Shadow, GL-AR750 Creta, GL-AR750S-EXT Slate, GL-AX1800 Flint, GL-AXT1800 Slate AX, GL-B1300 Convexa-B, GL-B3000 Marble, GL-BE3600 Slate 7, GL-E750, GL-E750V2 Mudi, GL-MT300N-V2 Mango, GL-MT1300 Beryl, GL-MT2500 Brume 2, GL-MT3000 Beryl AX, GL-MT6000 Flint 2, GL-SFT1200 Opal, GL-X300B Collie, GL-X750 Spitz, GL-X3000 Spitz AX, GL-XE300 Puli and GL-XE3000 Puli AX 4.x. It has been rated as problematic. This issue affects some unknown processing of the component Download Interface. The manipulation leads to improper authorization. It is recommended to upgrade the affected component. (string)

}

1 : { »

lang : es (string)

value : Se encontró una vulnerabilidad en GL.iNet GL-A1300 Slate Plus, GL-AR300M16 Shadow, GL-AR300M Shadow, GL-AR750 Creta, GL-AR750S-EXT Slate, GL-AX1800 Flint, GL-AXT1800 Slate AX, GL-B1300 Convexa-B, GL-B3000 Marble, GL-BE3600 Slate 7, GL-E750, GL-E750V2 Mudi, GL-MT300N-V2 Mango, GL-MT1300 Beryl, GL-MT2500 Brume 2, GL-MT3000 Beryl AX, GL-MT6000 Flint 2, GL-SFT1200 Opal, GL-X300B Collie, GL-X750 Spitz, GL-X3000 Spitz AX. GL-XE300 Puli y GL-XE3000 Puli AX 4.x. Se ha clasificado como problemático. Este problema afecta a un procesamiento desconocido del componente Interfaz de Descarga. Esta manipulación provoca una autorización incorrecta. Se recomienda actualizar el componente afectado. (string)

}

]

id : CVE-2025-2850 (string)

lastModified : 2025-04-29T13:52:10.697 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : LOW (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : ADJACENT_NETWORK (string)

authentication : SINGLE (string)

availabilityImpact : NONE (string)

baseScore : 2.7 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : NONE (string)

vectorString : AV:A/AC:L/Au:S/C:P/I:N/A:N (string)

version : 2.0 (string)

}

exploitabilityScore : 5.1 (number)

impactScore : 2.9 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : cna@vuldb.com (string)

type : Secondary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : ADJACENT_NETWORK (string)

availabilityImpact : NONE (string)

baseScore : 3.5 (number)

baseSeverity : LOW (string)

confidentialityImpact : LOW (string)

integrityImpact : NONE (string)

privilegesRequired : LOW (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N (string)

version : 3.1 (string)

}

exploitabilityScore : 2.1 (number)

impactScore : 1.4 (number)

source : cna@vuldb.com (string)

type : Primary (string)

}

]

cvssMetricV40 : [ »

0 : { »

cvssData : { »

Automatable : NOT_DEFINED (string)

Recovery : NOT_DEFINED (string)

Safety : NOT_DEFINED (string)

attackComplexity : LOW (string)

attackRequirements : NONE (string)

attackVector : ADJACENT (string)

availabilityRequirement : NOT_DEFINED (string)

baseScore : 5.1 (number)

baseSeverity : MEDIUM (string)

confidentialityRequirement : NOT_DEFINED (string)

exploitMaturity : NOT_DEFINED (string)

integrityRequirement : NOT_DEFINED (string)

modifiedAttackComplexity : NOT_DEFINED (string)

modifiedAttackRequirements : NOT_DEFINED (string)

modifiedAttackVector : NOT_DEFINED (string)

modifiedPrivilegesRequired : NOT_DEFINED (string)

modifiedSubAvailabilityImpact : NOT_DEFINED (string)

modifiedSubConfidentialityImpact : NOT_DEFINED (string)

modifiedSubIntegrityImpact : NOT_DEFINED (string)

modifiedUserInteraction : NOT_DEFINED (string)

modifiedVulnAvailabilityImpact : NOT_DEFINED (string)

modifiedVulnConfidentialityImpact : NOT_DEFINED (string)

modifiedVulnIntegrityImpact : NOT_DEFINED (string)

privilegesRequired : LOW (string)

providerUrgency : NOT_DEFINED (string)

subAvailabilityImpact : NONE (string)

subConfidentialityImpact : NONE (string)

subIntegrityImpact : NONE (string)

userInteraction : NONE (string)

valueDensity : NOT_DEFINED (string)

vectorString : CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X (string)

version : 4.0 (string)

vulnAvailabilityImpact : NONE (string)

vulnConfidentialityImpact : LOW (string)

vulnIntegrityImpact : NONE (string)

vulnerabilityResponseEffort : NOT_DEFINED (string)

}

source : cna@vuldb.com (string)

type : Secondary (string)

}

]

}

published : 2025-04-26T08:15:14.500 (string)

references : [ »

0 : { »

source : cna@vuldb.com (string)

url : https://vuldb.com/?ctiid.306287 (string)

}

1 : { »

source : cna@vuldb.com (string)

url : https://vuldb.com/?id.306287 (string)

}

2 : { »

source : cna@vuldb.com (string)

url : https://www.gl-inet.com/security-updates/security-advisories-vulnerabilities-and-cves-apr-24-2025/ (string)

}

]

sourceIdentifier : cna@vuldb.com (string)

vulnStatus : Awaiting Analysis (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-266 (string)

}

1 : { »

lang : en (string)

value : CWE-285 (string)

}

]

source : cna@vuldb.com (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Adjacent Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

Metrics

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Adjacent Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object