so.cl

The MT300N-V2 portable router is affected by an OS Command Injection vulnerability that allows authenticated attackers to run arbitrary commands on the affected system as the application’s user. This vulnerability exists within the local web interface and remote cloud interface. This vulnerability stems from improper validation of input passed through the ping (ping_addr) and traceroute (trace_addr) parameters. The vulnerability affects a few GL.iNET product’s firmware >3.2.12. GL.iNET GL-MT300N-V2 Router Vulnerabilities and Hardware Teardown