Vulnerability CVE-2023-50919
Published: 2024-01-12

Description:
An issue was discovered on GL.iNet devices before version 4.5.0. There is an NGINX authentication bypass via Lua string pattern matching. This affects A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000 4.4.6, MT2500 4.4.6, MT6000 4.5.0, MT1300 4.3.7, MT300N-V2 4.3.7, AR750S 4.3.7, AR750 4.3.7, AR300M 4.3.7, and B1300 4.3.7.

See advisories in our WLB2 database:
Topic
Author
Date
High
GL.iNet Unauthenticated Remote Command Execution
h00die-gr3y
25.01.2024

Type:

CWE-78

 (Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') )

 References:
https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Authentication-bypass.md
Copyright 2024, cxsecurity.com

 

Back to Top