CVE-2025-2811 Information

Description

A vulnerability was found in GL.iNet GL-A1300 Slate Plus, GL-AR300M16 Shadow, GL-AR300M Shadow, GL-AR750 Creta, GL-AR750S-EXT Slate, GL-AX1800 Flint, GL-AXT1800 Slate AX, GL-B1300 Convexa-B, GL-B3000 Marble, GL-BE3600 Slate 7, GL-E750, GL-E750V2 Mudi, GL-MT300N-V2 Mango, GL-MT1300 Beryl, GL-MT2500 Brume 2, GL-MT3000 Beryl AX, GL-MT6000 Flint 2, GL-SFT1200 Opal, GL-X300B Collie, GL-X750 Spitz, GL-X3000 Spitz AX, GL-XE300 Puli and GL-XE3000 Puli AX 4.x. It has been declared as problematic. This vulnerability affects unknown code of the component API. The manipulation leads to inefficient regular expression complexity. It is recommended to upgrade the affected component.

CVSS Vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Reference

https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Calling%20a%20special%20API%20that%20doesn’t%20require%20login%20and%20passing%20in%20a%20special%20character%20parameter%20results%20in%20100%25%20CPU%20usage.md
https://vuldb.com/?ctiid.306286
https://vuldb.com/?id.306286
https://vuldb.com/?submit.524459
https://www.gl-inet.com/security-updates/security-advisories-vulnerabilities-and-cves-apr-24-2025/

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

Base Score

5.7

Base Severity

MEDIUM
