An issue was discovered on GL.iNet devices before version 4.5.0. There is an NGINX authentication bypass via Lua string pattern matching. This affects A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000 4.4.6, MT2500 4.4.6, MT6000 4.5.0, MT1300 4.3.7, MT300N-V2 4.3.7, AR750S 4.3.7, AR750 4.3.7, AR300M 4.3.7, and B1300 4.3.7.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors Products
Gl-inet
  • Gl-mt2500 Firmware
  • Gl-mt3000
  • Gl-ar750 Firmware
  • Gl-b1300 Firmware
  • Gl-a1300 Firmware
  • Gl-mt2500
  • Gl-mt300n-v2 Firmware
  • Gl-mt3000 Firmware
  • Gl-b1300
  • Gl-ar750s Firmware
  • Gl-mt6000
  • Gl-axt1800
  • Gl-ar750
  • Gl-ar300m
  • Gl-mt1300 Firmware
  • Gl-ax1800 Firmware
  • Gl-a1300
  • Gl-ar750s
  • Gl-mt1300
  • Gl-ar300m Firmware
  • Gl-mt6000 Firmware
  • Gl-ax1800
  • Gl-axt1800 Firmware
  • Gl-mt300n-v2

Configuration 1 [-]

AND
OR cpe:2.3:o:gl-inet:gl-ax1800_firmware:4.3.7:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:gl-ax1800_firmware:4.4.6:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:gl-ax1800:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND
OR cpe:2.3:o:gl-inet:gl-axt1800_firmware:4.3.7:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:gl-axt1800_firmware:4.4.6:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:gl-axt1800:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND
OR cpe:2.3:o:gl-inet:gl-mt3000_firmware:4.3.7:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:gl-mt3000_firmware:4.4.6:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:gl-mt3000:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND
OR cpe:2.3:o:gl-inet:gl-mt2500_firmware:4.3.7:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:gl-mt2500_firmware:4.4.6:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:gl-mt2500:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND
OR cpe:2.3:o:gl-inet:gl-mt6000_firmware:4.3.7:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:gl-mt6000_firmware:4.4.6:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:gl-mt6000:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND
OR cpe:2.3:o:gl-inet:gl-mt1300_firmware:4.3.7:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:gl-mt1300_firmware:4.4.6:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:gl-mt1300:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND
OR cpe:2.3:o:gl-inet:gl-mt300n-v2_firmware:4.3.7:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:gl-mt300n-v2_firmware:4.4.6:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:gl-mt300n-v2:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND
OR cpe:2.3:o:gl-inet:gl-ar750s_firmware:4.3.7:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:gl-ar750s_firmware:4.4.6:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:gl-ar750s:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND
OR cpe:2.3:o:gl-inet:gl-ar750_firmware:4.3.7:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:gl-ar750_firmware:4.4.6:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:gl-ar750:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND
OR cpe:2.3:o:gl-inet:gl-ar300m_firmware:4.3.7:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:gl-ar300m_firmware:4.4.6:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:gl-ar300m:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND
OR cpe:2.3:o:gl-inet:gl-b1300_firmware:4.3.7:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:gl-b1300_firmware:4.4.6:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:gl-b1300:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND
OR cpe:2.3:o:gl-inet:gl-a1300_firmware:4.3.7:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:gl-a1300_firmware:4.4.6:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:gl-a1300:-:*:*:*:*:*:*:*
References
Link Resource
http://packetstormsecurity.com/files/176708/GL.iNet-Unauthenticated-Remote-Command-Execution.html
https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Authentication-bypass.md Exploit Issue Tracking Vendor Advisory
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2024-01-12T00:00:00

Updated: 2024-01-24T16:06:28.187977

Reserved: 2023-12-15T00:00:00

Link: CVE-2023-50919

JSON object: View

cve-icon NVD Information

Status : Modified

Published: 2024-01-12T08:15:43.533

Modified: 2024-01-24T16:15:08.423

Link: CVE-2023-50919

JSON object: View

cve-icon Redhat Information

No data.

CWE