Volerion logoVolerion
Volerion logoVolerion

GL.iNet Routers Hard-Coded Cryptographic Key Vulnerability in Glnassys Component

Vulnerability

A vulnerability exists in GL.iNet router models A1300, AX1800, AXT1800, MT2500, MT3000, MT6000, X3000, and XE3000, all running firmware version 4.8.x. The issue arises from a hard-coded cryptographic key in the glnassys component, which can be exploited remotely. This flaw allows unauthorized access to network storage-related interfaces, potentially leading to command execution. The vulnerability requires a high level of complexity to exploit.

Impact

Exploitation of this vulnerability allows unauthorized users to access network storage interfaces and execute commands on the device.

Remediation

Users are advised to upgrade to GL.iNet firmware version 4.9.0 or later, where this vulnerability has been addressed.

Added: Jun 8, 2026, 12:35 PM
Updated: Jun 8, 2026, 12:35 PM

Vulnerability Rating

Custom Algorithm
spread
4.5
impact
7.5
exploitability
7.0
remediation
7.7
relevance
9.3
threat
0.0
urgency
2.9
incentive
4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.