An issue was discovered on GL.iNet devices before version 4.5.0. There is an NGINX authentication bypass via Lua string pattern matching. This affects A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000 4.4.6, MT2500 4.4.6, MT6000 4.5.0, MT1300 4.3.7, MT300N-V2 4.3.7, AR750S 4.3.7, AR750 4.3.7, AR300M 4.3.7, and B1300 4.3.7.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/176708/GL.iNet-Unauthenticated-Remote-Command-Execution.html | |
https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Authentication-bypass.md | Exploit Issue Tracking Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2024-01-12T00:00:00
Updated: 2024-01-24T16:06:28.187977
Reserved: 2023-12-15T00:00:00
Link: CVE-2023-50919
JSON object: View
NVD Information
Status : Modified
Published: 2024-01-12T08:15:43.533
Modified: 2024-01-24T16:15:08.423
Link: CVE-2023-50919
JSON object: View
Redhat Information
No data.
CWE