Browse all 4 CVE security advisories affecting GL.iNet. AI-powered Chinese analysis, POCs, and references for each vulnerability.
GL.iNet develops compact networking devices focused on providing secure internet connectivity solutions, particularly for travelers and privacy-conscious users. Historically, their products have been susceptible to multiple remote code execution vulnerabilities, cross-site scripting flaws, and privilege escalation issues, as evidenced by four recorded CVEs. These vulnerabilities often stem from improper input validation and insecure default configurations. While no major public security incidents have been widely documented, the consistent pattern of vulnerabilities in their firmware suggests ongoing challenges in secure development practices. Users are advised to maintain current firmware versions to mitigate potential risks associated with these security shortcomings.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-5959 | GL.iNet GL-RM1/GL-RM10/GL-RM10RC/GL-RM1PE Factory Reset improper authentication — GL-RM1CWE-287 | 6.6 | Medium | 2026-04-09 |
| CVE-2025-2851 | GL.iNet GL-A1300 Slate Plus RPC plugins.so buffer overflow — GL-A1300 Slate PlusCWE-120 | 8.0 | High | 2025-04-26 |
| CVE-2025-2850 | GL.iNet GL-A1300 Slate Plus Download Interface improper authorization — GL-A1300 Slate PlusCWE-285 | 3.5 | Low | 2025-04-26 |
| CVE-2025-2811 | GL.iNet GL-A1300 Slate Plus API redos — GL-A1300 Slate PlusCWE-1333 | 5.7 | Medium | 2025-04-26 |
This page lists every published CVE security advisory associated with GL.iNet. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.