| |
Podatność CVE-2023-50919
Publikacja: 2024-01-12
| Opis: |
An issue was discovered on GL.iNet devices before version 4.5.0. There is an NGINX authentication bypass via Lua string pattern matching. This affects A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000 4.4.6, MT2500 4.4.6, MT6000 4.5.0, MT1300 4.3.7, MT300N-V2 4.3.7, AR750S 4.3.7, AR750 4.3.7, AR300M 4.3.7, and B1300 4.3.7. |
W naszej bazie, znaleźliśmy następujące noty dla tego CVE: | Tytuł | Autor | Data |
High |
| h00die-gr3y | 25.01.2024 |
Typ:
CWE-78 (Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
)
Referencje: |
https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Authentication-bypass.md
|
|
|
Copyright 2024, cxsecurity.com
|
|
|
Polish
English