CVE-2023-50921
Severity Score
9.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
An issue was discovered on GL.iNet devices through 4.5.0. Attackers can invoke the add_user interface in the system module to gain root privileges. This affects A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000 4.4.6, MT2500 4.4.6, MT6000 4.5.0, MT1300 4.3.7, MT300N-V2 4.3.7, AR750S 4.3.7, AR750 4.3.7, AR300M 4.3.7, and B1300 4.3.7.
Se descubrió un problema en dispositivos GL.iNet hasta 4.5.0. Los atacantes pueden invocar la interfaz add_user en el módulo de system para obtener privilegios de root. Esto afecta a A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000 4.4.6, MT2500 4.4.6, MT6000 4.5.0, MT1300 4.3.7, MT300N-V2 4.3.7, AR750S 4.3.7, AR750 4.3.7, AR300M 4.3.7 y B1300 4.3.7.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-12-15 CVE Reserved
- 2024-01-03 CVE Published
- 2024-01-11 EPSS Updated
- 2024-08-02 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (1)
| URL | Tag | Source |
|---|---|---|
| https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Add_user_vulnerability.md | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Gl-inet Search vendor "Gl-inet" | Gl-mt1300 Firmware Search vendor "Gl-inet" for product "Gl-mt1300 Firmware" | 4.3.7 Search vendor "Gl-inet" for product "Gl-mt1300 Firmware" and version "4.3.7" | - |
Affected
| in | Gl-inet Search vendor "Gl-inet" | Gl-mt1300 Search vendor "Gl-inet" for product "Gl-mt1300" | - | - |
Safe
|
| Gl-inet Search vendor "Gl-inet" | Gl-mt300n-v2 Firmware Search vendor "Gl-inet" for product "Gl-mt300n-v2 Firmware" | 4.3.7 Search vendor "Gl-inet" for product "Gl-mt300n-v2 Firmware" and version "4.3.7" | - |
Affected
| in | Gl-inet Search vendor "Gl-inet" | Gl-mt300n-v2 Search vendor "Gl-inet" for product "Gl-mt300n-v2" | - | - |
Safe
|
| Gl-inet Search vendor "Gl-inet" | Gl-ar750s Firmware Search vendor "Gl-inet" for product "Gl-ar750s Firmware" | 4.3.7 Search vendor "Gl-inet" for product "Gl-ar750s Firmware" and version "4.3.7" | - |
Affected
| in | Gl-inet Search vendor "Gl-inet" | Gl-ar750s Search vendor "Gl-inet" for product "Gl-ar750s" | - | - |
Safe
|
| Gl-inet Search vendor "Gl-inet" | Gl-ar750 Firmware Search vendor "Gl-inet" for product "Gl-ar750 Firmware" | 4.3.7 Search vendor "Gl-inet" for product "Gl-ar750 Firmware" and version "4.3.7" | - |
Affected
| in | Gl-inet Search vendor "Gl-inet" | Gl-ar750 Search vendor "Gl-inet" for product "Gl-ar750" | - | - |
Safe
|
| Gl-inet Search vendor "Gl-inet" | Gl-ar300m Firmware Search vendor "Gl-inet" for product "Gl-ar300m Firmware" | 4.3.7 Search vendor "Gl-inet" for product "Gl-ar300m Firmware" and version "4.3.7" | - |
Affected
| in | Gl-inet Search vendor "Gl-inet" | Gl-ar300m Search vendor "Gl-inet" for product "Gl-ar300m" | - | - |
Safe
|
| Gl-inet Search vendor "Gl-inet" | Gl-b1300 Firmware Search vendor "Gl-inet" for product "Gl-b1300 Firmware" | 4.3.7 Search vendor "Gl-inet" for product "Gl-b1300 Firmware" and version "4.3.7" | - |
Affected
| in | Gl-inet Search vendor "Gl-inet" | Gl-b1300 Search vendor "Gl-inet" for product "Gl-b1300" | - | - |
Safe
|
| Gl-inet Search vendor "Gl-inet" | Gl-mt6000 Firmware Search vendor "Gl-inet" for product "Gl-mt6000 Firmware" | 4.5.0 Search vendor "Gl-inet" for product "Gl-mt6000 Firmware" and version "4.5.0" | - |
Affected
| in | Gl-inet Search vendor "Gl-inet" | Gl-mt6000 Search vendor "Gl-inet" for product "Gl-mt6000" | - | - |
Safe
|
| Gl-inet Search vendor "Gl-inet" | Gl-a1300 Firmware Search vendor "Gl-inet" for product "Gl-a1300 Firmware" | 4.4.6 Search vendor "Gl-inet" for product "Gl-a1300 Firmware" and version "4.4.6" | - |
Affected
| in | Gl-inet Search vendor "Gl-inet" | Gl-a1300 Search vendor "Gl-inet" for product "Gl-a1300" | - | - |
Safe
|
| Gl-inet Search vendor "Gl-inet" | Gl-ax1800 Firmware Search vendor "Gl-inet" for product "Gl-ax1800 Firmware" | 4.4.6 Search vendor "Gl-inet" for product "Gl-ax1800 Firmware" and version "4.4.6" | - |
Affected
| in | Gl-inet Search vendor "Gl-inet" | Gl-ax1800 Search vendor "Gl-inet" for product "Gl-ax1800" | - | - |
Safe
|
| Gl-inet Search vendor "Gl-inet" | Gl-axt1800 Firmware Search vendor "Gl-inet" for product "Gl-axt1800 Firmware" | 4.4.6 Search vendor "Gl-inet" for product "Gl-axt1800 Firmware" and version "4.4.6" | - |
Affected
| in | Gl-inet Search vendor "Gl-inet" | Gl-axt1800 Search vendor "Gl-inet" for product "Gl-axt1800" | - | - |
Safe
|
| Gl-inet Search vendor "Gl-inet" | Gl-mt3000 Firmware Search vendor "Gl-inet" for product "Gl-mt3000 Firmware" | 4.4.6 Search vendor "Gl-inet" for product "Gl-mt3000 Firmware" and version "4.4.6" | - |
Affected
| in | Gl-inet Search vendor "Gl-inet" | Gl-mt3000 Search vendor "Gl-inet" for product "Gl-mt3000" | - | - |
Safe
|
| Gl-inet Search vendor "Gl-inet" | Gl-mt2500 Firmware Search vendor "Gl-inet" for product "Gl-mt2500 Firmware" | 4.4.6 Search vendor "Gl-inet" for product "Gl-mt2500 Firmware" and version "4.4.6" | - |
Affected
| in | Gl-inet Search vendor "Gl-inet" | Gl-mt2500 Search vendor "Gl-inet" for product "Gl-mt2500" | - | - |
Safe
|