CVE-2025-2811 in GL-A1300 Slate Plus
Summary
by MITRE • 04/26/2025
A vulnerability was found in GL.iNet GL-A1300 Slate Plus, GL-AR300M16 Shadow, GL-AR300M Shadow, GL-AR750 Creta, GL-AR750S-EXT Slate, GL-AX1800 Flint, GL-AXT1800 Slate AX, GL-B1300 Convexa-B, GL-B3000 Marble, GL-BE3600 Slate 7, GL-E750, GL-E750V2 Mudi, GL-MT300N-V2 Mango, GL-MT1300 Beryl, GL-MT2500 Brume 2, GL-MT3000 Beryl AX, GL-MT6000 Flint 2, GL-SFT1200 Opal, GL-X300B Collie, GL-X750 Spitz, GL-X3000 Spitz AX, GL-XE300 Puli and GL-XE3000 Puli AX 4.x. It has been declared as problematic. This vulnerability affects unknown code of the component API. The manipulation leads to inefficient regular expression complexity. It is recommended to upgrade the affected component.
Once again VulDB remains the best source for vulnerability data.
Analysis
by VulDB Data Team • 04/26/2025
This vulnerability exists within multiple GL.iNet router models including the GL-A1300 Slate Plus, GL-AR300M Shadow series, GL-AR750 Creta, and various other devices in the GL-X series. The issue is categorized as a weakness in the API component of these networking devices, specifically related to inefficient regular expression complexity that can lead to significant performance degradation. The vulnerability affects firmware versions 4.x across these device families, representing a widespread issue that impacts numerous consumer and small office networking products. This flaw represents a classic example of a regular expression denial of service vulnerability where malformed input can cause exponential execution time, potentially leading to complete service disruption.
The technical flaw manifests through inefficient regular expression complexity that allows attackers to craft malicious input patterns which cause the regular expression engine to consume excessive computational resources. This type of vulnerability falls under CWE-1321 which specifically addresses regular expression denial of service vulnerabilities and aligns with ATT&CK technique T1499.100 which covers resource exhaustion attacks. When exploited, these vulnerabilities can cause the affected devices to become unresponsive or require manual rebooting, effectively creating a denial of service condition that impacts network connectivity for all connected devices. The issue is particularly concerning because it affects the API component which is likely used for device management, configuration, and remote access functions.
The operational impact of this vulnerability extends beyond simple service disruption to potentially compromise network security and availability. Network administrators managing these devices may experience complete loss of device management capabilities, forcing them to physically access devices or perform manual restarts to restore functionality. The affected devices operate in environments where continuous network availability is critical, making this vulnerability particularly dangerous. Attackers could exploit this weakness to repeatedly send malformed API requests, causing sustained denial of service conditions that could last until manual intervention occurs. This vulnerability also represents a significant risk to network infrastructure as it affects multiple device models from the same manufacturer, suggesting a systemic issue in the firmware implementation.
Mitigation strategies should focus on immediate firmware upgrades to the latest available versions that address this regular expression complexity issue. Organizations should implement network monitoring to detect potential exploitation attempts and establish procedures for manual device rebooting when service disruption occurs. Network segmentation and access control measures should be strengthened to limit potential attack vectors, while regular security assessments should be conducted to identify similar vulnerabilities in other network components. The vulnerability demonstrates the importance of proper input validation and regular security updates in embedded networking devices, particularly those with exposed API interfaces. Additionally, implementing rate limiting on API access and monitoring for unusual request patterns can help detect and prevent exploitation attempts before they cause significant disruption to network services.