CVE-2023-50919

Exploit

EPSS 52.26%
Veröffentlicht 12.01.2024 08:15:43
Zuletzt bearbeitet 03.06.2025 14:15:34
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

An issue was discovered on GL.iNet devices before version 4.5.0. There is an NGINX authentication bypass via Lua string pattern matching. This affects A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000 4.4.6, MT2500 4.4.6, MT6000 4.5.0, MT1300 4.3.7, MT300N-V2 4.3.7, AR750S 4.3.7, AR750 4.3.7, AR300M 4.3.7, and B1300 4.3.7.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Gl-inet ≫ Gl-ax1800 Firmware Version4.3.7

Gl-inet ≫ Gl-ax1800 Version-

Gl-inet ≫ Gl-ax1800 Firmware Version4.4.6

Gl-inet ≫ Gl-ax1800 Version-

Gl-inet ≫ Gl-axt1800 Firmware Version4.3.7

Gl-inet ≫ Gl-axt1800 Version-

Gl-inet ≫ Gl-axt1800 Firmware Version4.4.6

Gl-inet ≫ Gl-axt1800 Version-

Gl-inet ≫ Gl-mt3000 Firmware Version4.3.7

Gl-inet ≫ Gl-mt3000 Version-

Gl-inet ≫ Gl-mt3000 Firmware Version4.4.6

Gl-inet ≫ Gl-mt3000 Version-

Gl-inet ≫ Gl-mt2500 Firmware Version4.3.7

Gl-inet ≫ Gl-mt2500 Version-

Gl-inet ≫ Gl-mt2500 Firmware Version4.4.6

Gl-inet ≫ Gl-mt2500 Version-

Gl-inet ≫ Gl-mt6000 Firmware Version4.3.7

Gl-inet ≫ Gl-mt6000 Version-

Gl-inet ≫ Gl-mt6000 Firmware Version4.4.6

Gl-inet ≫ Gl-mt6000 Version-

Gl-inet ≫ Gl-mt1300 Firmware Version4.3.7

Gl-inet ≫ Gl-mt1300 Version-

Gl-inet ≫ Gl-mt1300 Firmware Version4.4.6

Gl-inet ≫ Gl-mt1300 Version-

Gl-inet ≫ Gl-mt300n-v2 Firmware Version4.3.7

Gl-inet ≫ Gl-mt300n-v2 Version-

Gl-inet ≫ Gl-mt300n-v2 Firmware Version4.4.6

Gl-inet ≫ Gl-mt300n-v2 Version-

Gl-inet ≫ Gl-ar750s Firmware Version4.3.7

Gl-inet ≫ Gl-ar750s Version-

Gl-inet ≫ Gl-ar750s Firmware Version4.4.6

Gl-inet ≫ Gl-ar750s Version-

Gl-inet ≫ Gl-ar750 Firmware Version4.3.7

Gl-inet ≫ Gl-ar750 Version-

Gl-inet ≫ Gl-ar750 Firmware Version4.4.6

Gl-inet ≫ Gl-ar750 Version-

Gl-inet ≫ Gl-ar300m Firmware Version4.3.7

Gl-inet ≫ Gl-ar300m Version-

Gl-inet ≫ Gl-ar300m Firmware Version4.4.6

Gl-inet ≫ Gl-ar300m Version-

Gl-inet ≫ Gl-b1300 Firmware Version4.3.7

Gl-inet ≫ Gl-b1300 Version-

Gl-inet ≫ Gl-b1300 Firmware Version4.4.6

Gl-inet ≫ Gl-b1300 Version-

Gl-inet ≫ Gl-a1300 Firmware Version4.3.7

Gl-inet ≫ Gl-a1300 Version-

Gl-inet ≫ Gl-a1300 Firmware Version4.4.6

Gl-inet ≫ Gl-a1300 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	52.26%	0.978

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

http://packetstormsecurity.com/files/176708/GL.iNet-Unauthenticated-Remote-Command-Execution.html

https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Authentication-bypass.md

Vendor Advisory

Exploit

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2023-50919

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-50919

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-50919

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2023-50919