CVE-2023-50919

An issue was discovered on GL.iNet devices before version 4.5.0. There is an NGINX authentication bypass via Lua string pattern matching. This affects A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000 4.4.6, MT2500 4.4.6, MT6000 4.5.0, MT1300 4.3.7, MT300N-V2 4.3.7, AR750S 4.3.7, AR750 4.3.7, AR300M 4.3.7, and B1300 4.3.7.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
http://packetstormsecurity.com/files/176708/GL.iNet-Unauthenticated-Remote-Command-Execution.html
https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Authentication-bypass.md	Exploit Issue Tracking Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:o:gl-inet:gl-ax1800_firmware:4.3.7:::::::*
	cpe:2.3:o:gl-inet:gl-ax1800_firmware:4.4.6:::::::*

cpe:2.3:h:gl-inet:gl-ax1800:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

OR	cpe:2.3:o:gl-inet:gl-axt1800_firmware:4.3.7:::::::*
	cpe:2.3:o:gl-inet:gl-axt1800_firmware:4.4.6:::::::*

cpe:2.3:h:gl-inet:gl-axt1800:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

OR	cpe:2.3:o:gl-inet:gl-mt3000_firmware:4.3.7:::::::*
	cpe:2.3:o:gl-inet:gl-mt3000_firmware:4.4.6:::::::*

cpe:2.3:h:gl-inet:gl-mt3000:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

OR	cpe:2.3:o:gl-inet:gl-mt2500_firmware:4.3.7:::::::*
	cpe:2.3:o:gl-inet:gl-mt2500_firmware:4.4.6:::::::*

cpe:2.3:h:gl-inet:gl-mt2500:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

OR	cpe:2.3:o:gl-inet:gl-mt6000_firmware:4.3.7:::::::*
	cpe:2.3:o:gl-inet:gl-mt6000_firmware:4.4.6:::::::*

cpe:2.3:h:gl-inet:gl-mt6000:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

OR	cpe:2.3:o:gl-inet:gl-mt1300_firmware:4.3.7:::::::*
	cpe:2.3:o:gl-inet:gl-mt1300_firmware:4.4.6:::::::*

cpe:2.3:h:gl-inet:gl-mt1300:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

OR	cpe:2.3:o:gl-inet:gl-mt300n-v2_firmware:4.3.7:::::::*
	cpe:2.3:o:gl-inet:gl-mt300n-v2_firmware:4.4.6:::::::*

cpe:2.3:h:gl-inet:gl-mt300n-v2:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

OR	cpe:2.3:o:gl-inet:gl-ar750s_firmware:4.3.7:::::::*
	cpe:2.3:o:gl-inet:gl-ar750s_firmware:4.4.6:::::::*

cpe:2.3:h:gl-inet:gl-ar750s:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

OR	cpe:2.3:o:gl-inet:gl-ar750_firmware:4.3.7:::::::*
	cpe:2.3:o:gl-inet:gl-ar750_firmware:4.4.6:::::::*

cpe:2.3:h:gl-inet:gl-ar750:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

OR	cpe:2.3:o:gl-inet:gl-ar300m_firmware:4.3.7:::::::*
	cpe:2.3:o:gl-inet:gl-ar300m_firmware:4.4.6:::::::*

cpe:2.3:h:gl-inet:gl-ar300m:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

OR	cpe:2.3:o:gl-inet:gl-b1300_firmware:4.3.7:::::::*
	cpe:2.3:o:gl-inet:gl-b1300_firmware:4.4.6:::::::*

cpe:2.3:h:gl-inet:gl-b1300:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

OR	cpe:2.3:o:gl-inet:gl-a1300_firmware:4.3.7:::::::*
	cpe:2.3:o:gl-inet:gl-a1300_firmware:4.4.6:::::::*

cpe:2.3:h:gl-inet:gl-a1300:-:*:*:*:*:*:*:*

History

24 Jan 2024, 16:15

Type	Values Removed	Values Added
References		() http://packetstormsecurity.com/files/176708/GL.iNet-Unauthenticated-Remote-Command-Execution.html -

19 Jan 2024, 02:10

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-01-12 08:15

Updated : 2024-02-05 00:22

NVD link : CVE-2023-50919

Mitre link : CVE-2023-50919

CVE.ORG link : CVE-2023-50919

JSON object : View

Products Affected

gl-inet

gl-ar750s
gl-mt3000
gl-mt1300_firmware
gl-mt2500_firmware
gl-ax1800
gl-mt300n-v2
gl-mt300n-v2_firmware
gl-ar750
gl-axt1800
gl-ar750_firmware
gl-mt6000
gl-mt1300
gl-mt3000_firmware
gl-axt1800_firmware
gl-b1300
gl-ar300m_firmware
gl-ar750s_firmware
gl-b1300_firmware
gl-a1300_firmware
gl-mt6000_firmware
gl-ar300m
gl-a1300
gl-mt2500
gl-ax1800_firmware

CWE

CWE-287

Improper Authentication

9.8 /10