CVE-2025-2850 Information

Description

A vulnerability was found in GL.iNet GL-A1300 Slate Plus GL-AR300M16 Shadow GL-AR300M Shadow GL-AR750 Creta GL-AR750S-EXT Slate GL-AX1800 Flint GL-AXT1800 Slate AX GL-B1300 Convexa-B GL-B3000 Marble GL-BE3600 Slate 7 GL-E750 GL-E750V2 Mudi GL-MT300N-V2 Mango GL-MT1300 Beryl GL-MT2500 Brume 2 GL-MT3000 Beryl AX GL-MT6000 Flint 2 GL-SFT1200 Opal GL-X300B Collie GL-X750 Spitz GL-X3000 Spitz AX GL-XE300 Puli and GL-XE3000 Puli AX 4.x. It has been rated as problematic. This issue affects some unknown processing of the component Download Interface. The manipulation leads to improper authorization. It is recommended to upgrade the affected component.

CVSS Vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Reference

https://vuldb.com/?ctiid.306287 https://vuldb.com/?id.306287 https://www.gl-inet.com/security-updates/security-advisories-vulnerabilities-and-cves-apr-24-2025/

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

LOW

Availability Impact

NONE

Base Score

NONE

Base Severity

3.5