CVE-2022-31898

MEDIUM

GL.iNet GL-MT300N-V2 and GL-AX1800 Firmware - OS Command Injection via Ping and Trace Parameters


Exploitation Summary

EIP tracks 2 public exploits for CVE-2022-31898. PoCs published by gigaryte, CryptoGhost1.

Description

gl-inet GL-MT300N-V2 Mango v3.212 and GL-AX1800 Flint v3.214 were discovered to contain multiple command injection vulnerabilities via the ping_addr and trace_addr function parameters.

Exploits (2)

nomisec WORKING POC 17 stars
by gigaryte · poc
https://github.com/gigaryte/cve-2022-31898

This is a functional exploit PoC for CVE-2022-31898, an authenticated command injection vulnerability in GL-iNet routers running firmware below 3.215. It leverages the ping functionality to execute arbitrary commands, resulting in a reverse shell.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: GL-iNet routers (firmware < 3.215)
Auth required
Prerequisites: Network access to the target router · Valid credentials for authentication
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC
by CryptoGhost1 · poc
https://github.com/CryptoGhost1/MangoPunch-CVE-2022-31898

This repository contains a functional Python exploit for CVE-2022-31898, an authenticated OS command injection vulnerability in GL.iNet devices. The exploit leverages the `ping_addr` parameter in the diagnostic API to execute arbitrary commands via shell metacharacters, demonstrating a reverse shell payload.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: GL.iNet MT300N-V2 (Mango) and other models running firmware versions below 3.215
Auth required
Prerequisites: Authenticated access to the target device · Netcat listener for reverse shell
devstral-2 · analyzed Mar 11, 2026

References (1)

Core References
Exploit, Third Party Advisory
https://boschko.ca/glinet-router

Scores

CVSS v3: 6.8
EPSS: 0.1593
EPSS Percentile: 96.5%
Attack Vector: ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: total

Details

CWE: CWE-78
Status: published
Products (2):
gl-inet/gl-ax1800_firmware 3.214
gl-inet/gl-mt300n-v2_firmware 3.212
Published: Oct 27, 2022
Tracked Since: Feb 18, 2026