CVE-2022-31898

MEDIUM

Gl-inet Gl-mt300n-v2 Firmware - OS Command Injection

Title source: rule

Description

gl-inet GL-MT300N-V2 Mango v3.212 and GL-AX1800 Flint v3.214 were discovered to contain multiple command injection vulnerabilities via the ping_addr and trace_addr function parameters.

Exploits (2)

nomisec WORKING POC 17 stars

by gigaryte · poc

https://github.com/gigaryte/cve-2022-31898

View Code ZIP pw:eip

nomisec WORKING POC

by CryptoGhost1 · poc

https://github.com/CryptoGhost1/MangoPunch-CVE-2022-31898

View Code ZIP pw:eip

References (1)

[Exploit, Third Party Advisory] https://boschko.ca/glinet-router

Scores

CVSS v3 6.8

EPSS 0.2236

EPSS Percentile 95.8%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-78

Status published

Products (2)

gl-inet/gl-ax1800_firmware 3.214

gl-inet/gl-mt300n-v2_firmware 3.212

Published Oct 27, 2022

Tracked Since Feb 18, 2026