CVSS: 5.5EPSS: 0%CPEs: 36EXPL: 1CVE-2023-50920
https://notcve.org/view.php?id=CVE-2023-50920
12 Jan 2024 — An issue was discovered on GL.iNet devices before version 4.5.0. They assign the same session ID after each user reboot, allowing attackers to share session identifiers between different sessions and bypass authentication or access control measures. Attackers can impersonate legitimate users or perform unauthorized actions. This affects A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000 4.4.6, MT2500 4.4.6, MT6000 4.5.0, MT1300 4.3.7, MT300N-V2 4.3.7, AR750S 4.3.7, AR750 4.3.7, AR300M 4.3.7, and B1300 4.3.7. ... • https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Authentication-bypass-seesion-ID.md • CWE-384: Session Fixation •
CVSS: 10.0EPSS: 0%CPEs: 36EXPL: 1CVE-2023-50919 – GL.iNet Unauthenticated Remote Command Execution
https://notcve.org/view.php?id=CVE-2023-50919
12 Jan 2024 — An issue was discovered on GL.iNet devices before version 4.5.0. There is an NGINX authentication bypass via Lua string pattern matching. This affects A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000 4.4.6, MT2500 4.4.6, MT6000 4.5.0, MT1300 4.3.7, MT300N-V2 4.3.7, AR750S 4.3.7, AR750 4.3.7, AR300M 4.3.7, and B1300 4.3.7. Se descubrió un problema en dispositivos GL.iNet anteriores a la versión 4.5.0. Existe una omisión de autenticación NGINX mediante la coincidencia de patrones de cadenas Lua. • http://packetstormsecurity.com/files/176708/GL.iNet-Unauthenticated-Remote-Command-Execution.html • CWE-287: Improper Authentication •
CVSS: 8.3EPSS: 0%CPEs: 24EXPL: 1CVE-2023-50922
https://notcve.org/view.php?id=CVE-2023-50922
03 Jan 2024 — An issue was discovered on GL.iNet devices through 4.5.0. Attackers who are able to steal the AdminToken cookie can execute arbitrary code by uploading a crontab-formatted file to a specific directory and waiting for its execution. This affects A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000 4.4.6, MT2500 4.4.6, MT6000 4.5.0, MT1300 4.3.7, MT300N-V2 4.3.7, AR750S 4.3.7, AR750 4.3.7, AR300M 4.3.7, and B1300 4.3.7. Se descubrió un problema en dispositivos GL.iNet hasta 4.5.0. Los atacantes que pueden robar l... • https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Remote%20code%20execution%20due%20to%20gl_crontabs.md • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 0%CPEs: 24EXPL: 0CVE-2023-50921
https://notcve.org/view.php?id=CVE-2023-50921
03 Jan 2024 — An issue was discovered on GL.iNet devices through 4.5.0. Attackers can invoke the add_user interface in the system module to gain root privileges. This affects A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000 4.4.6, MT2500 4.4.6, MT6000 4.5.0, MT1300 4.3.7, MT300N-V2 4.3.7, AR750S 4.3.7, AR750 4.3.7, AR300M 4.3.7, and B1300 4.3.7. Se descubrió un problema en dispositivos GL.iNet hasta 4.5.0. Los atacantes pueden invocar la interfaz add_user en el módulo de system para obtener privilegios de root. • https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Add_user_vulnerability.md •
CVSS: 7.8EPSS: 0%CPEs: 24EXPL: 1CVE-2023-50445 – GL.iNet Unauthenticated Remote Command Execution
https://notcve.org/view.php?id=CVE-2023-50445
28 Dec 2023 — Shell Injection vulnerability GL.iNet A1300 v4.4.6, AX1800 v4.4.6, AXT1800 v4.4.6, MT3000 v4.4.6, MT2500 v4.4.6, MT6000 v4.5.0, MT1300 v4.3.7, MT300N-V2 v4.3.7, AR750S v4.3.7, AR750 v4.3.7, AR300M v4.3.7, and B1300 v4.3.7., allows local attackers to execute arbitrary code via the get_system_log and get_crash_log functions of the logread module, as well as the upgrade_online function of the upgrade module. Vulnerabilidad de inyección de Shell GL.iNet A1300 v4.4.6 AX1800 v4.4.6 AXT1800 v4.4.6 MT3000 v4.4.6 MT... • http://packetstormsecurity.com/files/176708/GL.iNet-Unauthenticated-Remote-Command-Execution.html • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2023-46454 – GL.iNet AR300M 4.3.7 Remote Code Execution
https://notcve.org/view.php?id=CVE-2023-46454
12 Dec 2023 — In GL.iNET GL-AR300M routers with firmware v4.3.7, it is possible to inject arbitrary shell commands through a crafted package name in the package information functionality. En los routers GL.iNET GL-AR300M con firmware v4.3.7, es posible inyectar comandos de shell arbitrarios a través de un nombre de paquete manipulado en la funcionalidad de información del paquete. GL.iNet AR300M versions 4.3.7 and below suffer from an OpenVPN client related remote code execution vulnerability. • https://github.com/cyberaz0r/GL.iNet-Multiple-Vulnerabilities • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-46455 – GL.iNet AR300M 4.3.7 Arbitrary File Write
https://notcve.org/view.php?id=CVE-2023-46455
12 Dec 2023 — In GL.iNET GL-AR300M routers with firmware v4.3.7 it is possible to write arbitrary files through a path traversal attack in the OpenVPN client file upload functionality. En los routers GL.iNET GL-AR300M con firmware v4.3.7 es posible escribir archivos arbitrarios mediante un ataque de path traversal en la funcionalidad de carga de archivos del cliente OpenVPN. GL.iNet AR300M versions 4.3.7 and below suffer from an arbitrary file writing vulnerability. • https://cyberaz0r.info/2023/11/glinet-multiple-vulnerabilities • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •