Mt6000
A hard-coded cryptographic key in the glnassys (GL.iNet NAS system) component, present across eight GL.iNet router models running firmware 4.8.x, enables a low-privileged remote attacker to exploit a static authentication token and potentially execute unauthorized commands against the NAS subsystem. The vulnerability is rooted in CWE-321 (Use of Hard-coded Cryptographic Key): the firmware embeds a fixed authentication secret that cannot be rotated by users or administrators. No public exploit was identified at the time of analysis, and the vendor has released firmware 4.9.0 as a fix.