Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-67091

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-08 Jan, 2026 | 00:00
Updated At-08 Jan, 2026 | 16:10
Rejected At-
Credits

An issue in GL Inet GL.Inet AX1800 Version 4.6.4 & 4.6.8 are vulnerable. GL.Inet AX1800 Version 4.6.4 & 4.6.8 in the GL.iNet custom opkg wrapper script located at /usr/libexec/opkg-call. The script is executed with root privileges when triggered via the LuCI web interface or authenticated API calls to manage packages. The vulnerable code uses shell redirection to create a lock file in the world-writable /tmp directory.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:08 Jan, 2026 | 00:00
Updated At:08 Jan, 2026 | 16:10
Rejected At:
â–¼CVE Numbering Authority (CNA)

An issue in GL Inet GL.Inet AX1800 Version 4.6.4 & 4.6.8 are vulnerable. GL.Inet AX1800 Version 4.6.4 & 4.6.8 in the GL.iNet custom opkg wrapper script located at /usr/libexec/opkg-call. The script is executed with root privileges when triggered via the LuCI web interface or authenticated API calls to manage packages. The vulnerable code uses shell redirection to create a lock file in the world-writable /tmp directory.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.gl-inet.com/
N/A
https://aleksazatezalo.medium.com/critical-command-injection-vulnerability-in-gl-inet-gl-axt1800-router-firmware-e6d67d81ee51?postPublishedType=repub
N/A
https://aleksazatezalo.medium.com/critical-authentication-bypass-vulnerability-in-gl-inet-gl-axt1800-router-firmware-f19442ca721d
N/A
Hyperlink: https://www.gl-inet.com/
Resource: N/A
Hyperlink: https://aleksazatezalo.medium.com/critical-command-injection-vulnerability-in-gl-inet-gl-axt1800-router-firmware-e6d67d81ee51?postPublishedType=repub
Resource: N/A
Hyperlink: https://aleksazatezalo.medium.com/critical-authentication-bypass-vulnerability-in-gl-inet-gl-axt1800-router-firmware-f19442ca721d
Resource: N/A
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-307CWE-307 Improper Restriction of Excessive Authentication Attempts
Type: CWE
CWE ID: CWE-307
Description: CWE-307 Improper Restriction of Excessive Authentication Attempts
Metrics
VersionBase scoreBase severityVector
3.16.5MEDIUM
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:08 Jan, 2026 | 16:15
Updated At:16 Jan, 2026 | 21:28

An issue in GL Inet GL.Inet AX1800 Version 4.6.4 & 4.6.8 are vulnerable. GL.Inet AX1800 Version 4.6.4 & 4.6.8 in the GL.iNet custom opkg wrapper script located at /usr/libexec/opkg-call. The script is executed with root privileges when triggered via the LuCI web interface or authenticated API calls to manage packages. The vulnerable code uses shell redirection to create a lock file in the world-writable /tmp directory.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.16.5MEDIUM
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Type: Secondary
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CPE Matches
gl-inet
gl-inet
>>ax1800_firmware>>4.2.0
cpe:2.3:o:gl-inet:ax1800_firmware:4.2.0:*:*:*:*:*:*:*
gl-inet
gl-inet
>>ax1800_firmware>>4.6.4
cpe:2.3:o:gl-inet:ax1800_firmware:4.6.4:*:*:*:*:*:*:*
gl-inet
gl-inet
>>ax1800_firmware>>4.6.8
cpe:2.3:o:gl-inet:ax1800_firmware:4.6.8:*:*:*:*:*:*:*
gl-inet
gl-inet
>>ax1800>>-
cpe:2.3:h:gl-inet:ax1800:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-307Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-307
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://aleksazatezalo.medium.com/critical-authentication-bypass-vulnerability-in-gl-inet-gl-axt1800-router-firmware-f19442ca721dcve@mitre.org
Exploit
Third Party Advisory
Press/Media Coverage
https://aleksazatezalo.medium.com/critical-command-injection-vulnerability-in-gl-inet-gl-axt1800-router-firmware-e6d67d81ee51?postPublishedType=repubcve@mitre.org
Exploit
Third Party Advisory
Press/Media Coverage
https://www.gl-inet.com/cve@mitre.org
Product
Hyperlink: https://aleksazatezalo.medium.com/critical-authentication-bypass-vulnerability-in-gl-inet-gl-axt1800-router-firmware-f19442ca721d
Source: cve@mitre.org
Resource:
Exploit
Third Party Advisory
Press/Media Coverage
Hyperlink: https://aleksazatezalo.medium.com/critical-command-injection-vulnerability-in-gl-inet-gl-axt1800-router-firmware-e6d67d81ee51?postPublishedType=repub
Source: cve@mitre.org
Resource:
Exploit
Third Party Advisory
Press/Media Coverage
Hyperlink: https://www.gl-inet.com/
Source: cve@mitre.org
Resource:
Product

Change History

0
Information is not available yet

Similar CVEs

7Records found
CVE-2024-39225
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-32.46% / 96.74%
||
7 Day CHG~0.00%
Published-06 Aug, 2024 | 00:00
Updated-15 Aug, 2024 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain a remote code execution (RCE) vulnerability.

Action-Not Available
Vendor-gl-inetn/agl-inet
Product-mt3000usb150sft1200xe3000_firmwarear300mar300m16_firmwareb2200xe300x750mt1300e750_firmwaresft1200_firmwaremt300n-v2_firmwarea1300ar300m_firmwaree750b1300_firmwares1300x3000mt3000_firmwarear750sx300b_firmwaren300_firmwarear750xe300_firmwareax1800_firmwares1300_firmwarear300m16n300mv1000_firmwaremt2500_firmwareap1300ar750s_firmwareb2200_firmwarex300bmt1300_firmwaremt2500ax1800a1300_firmwaresf1200_firmwaremv1000w_firmwareap1300_firmwaremt6000_firmwaremv1000mt6000b1300mv1000waxt1800_firmwareusb150_firmwaremt300n-v2xe3000sf1200x3000_firmwarex750_firmwareaxt1800ar750_firmwaren/amv1000_firmwaremt2500_firmwarear750s_firmwareb2200_firmwarear300m16_firmwarexe3000_firmwaremt1300_firmwarea1300_firmwaree750_firmwaresf1200_firmwaresft1200_firmwaremv1000w_firmwaremt300n-v2_firmwareap1300_firmwarex750_firmwarear300m_firmwaremt6000_firmwareb1300_firmwareaxt1800_firmwareusb150_firmwaremt3000_firmwarex300b_firmwarex3000_firmwaren300_firmwarexe300_firmwareax1800_firmwares1300_firmwarear750_firmware
CWE ID-CWE-307
Improper Restriction of Excessive Authentication Attempts
CVE-2025-67090
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.1||MEDIUM
EPSS-0.12% / 31.09%
||
7 Day CHG+0.01%
Published-08 Jan, 2026 | 00:00
Updated-16 Jan, 2026 | 21:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The LuCI web interface on Gl Inet GL.Inet AX1800 Version 4.6.4 & 4.6.8 are vulnerable. Fix available in version 4.8.2 GL.Inet AX1800 Version 4.6.4 & 4.6.8 lacks rate limiting or account lockout mechanisms on the authentication endpoint (`/cgi-bin/luci`). An unauthenticated attacker on the local network can perform unlimited password attempts against the admin interface.

Action-Not Available
Vendor-gl-inetn/a
Product-ax1800_firmwareax1800n/a
CWE ID-CWE-307
Improper Restriction of Excessive Authentication Attempts
CVE-2021-20635
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-6.5||MEDIUM
EPSS-0.09% / 26.43%
||
7 Day CHG~0.00%
Published-12 Feb, 2021 | 06:15
Updated-03 Aug, 2024 | 17:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper restriction of excessive authentication attempts in LOGITEC LAN-WH450N/GR allows an attacker in the wireless range of the device to recover PIN and access the network.

Action-Not Available
Vendor-logitechLOGITEC CORPORATION
Product-lan-wh450n\/gr_firmwarelan-wh450n\/grLAN-WH450N/GR
CWE ID-CWE-307
Improper Restriction of Excessive Authentication Attempts
CVE-2024-25031
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.05% / 16.86%
||
7 Day CHG~0.00%
Published-28 Jun, 2024 | 18:32
Updated-01 Aug, 2024 | 23:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Storage Defender information disclosure

IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.4 uses an inadequate account lockout setting that could allow an attacker on the network to brute force account credentials. IBM X-Force ID: 281678.

Action-Not Available
Vendor-IBM Corporation
Product-storage_defenderStorage Defender - Resiliency Service
CWE ID-CWE-307
Improper Restriction of Excessive Authentication Attempts
CVE-2022-40903
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.13% / 32.50%
||
7 Day CHG~0.00%
Published-14 Nov, 2022 | 00:00
Updated-30 Apr, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Aiphone GT-DMB-N 3-in-1 Video Entrance Station with NFC Reader 1.0.3 does not mitigate against repeated failed access attempts, which allows an attacker to gain administrative privileges.

Action-Not Available
Vendor-aiphonen/a
Product-gt-dmb-n_firmwaregt-dmb-ngt-dmb-lvn_firmwaregt-db-vngt-dmbgt-db-vn_firmwaregt-dmb_firmwaregt-dmb-lvnn/a
CWE ID-CWE-307
Improper Restriction of Excessive Authentication Attempts
CVE-2022-33735
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-6.5||MEDIUM
EPSS-0.04% / 12.55%
||
7 Day CHG~0.00%
Published-20 Sep, 2022 | 19:44
Updated-28 May, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a password verification vulnerability in WS7200-10 11.0.2.13. Attackers on the LAN may use brute force cracking to obtain passwords, which may cause sensitive system information to be disclosed.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-ws7200-10ws7200-10_firmwareWS7200-10
CWE ID-CWE-307
Improper Restriction of Excessive Authentication Attempts
CVE-2022-22496
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.13% / 32.67%
||
7 Day CHG~0.00%
Published-30 Jun, 2022 | 16:25
Updated-17 Sep, 2024 | 01:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

While a user account for the IBM Spectrum Protect Server 8.1.0.000 through 8.1.14 is being established, it may be configured to use SESSIONSECURITY=TRANSITIONAL. While in this mode, it may be susceptible to an offline dictionary attack. IBM X-Force ID: 226942.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-aixspectrum_protect_serverwindowslinux_kernelSpectrum Protect Server
CWE ID-CWE-307
Improper Restriction of Excessive Authentication Attempts
Details not found