CVE-2023-50922 - OpenCVE

An issue was discovered on GL.iNet devices through 4.5.0. Attackers who are able to steal the AdminToken cookie can execute arbitrary code by uploading a crontab-formatted file to a specific directory and waiting for its execution. This affects A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000 4.4.6, MT2500 4.4.6, MT6000 4.5.0, MT1300 4.3.7, MT300N-V2 4.3.7, AR750S 4.3.7, AR750 4.3.7, AR300M 4.3.7, and B1300 4.3.7.

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Gl-inet	Gl-mt2500 Firmware Gl-mt3000 Gl-ar750 Firmware Gl-b1300 Firmware Gl-a1300 Firmware Gl-mt2500 Gl-mt300n-v2 Firmware Gl-mt3000 Firmware Gl-b1300 Gl-ar750s Firmware Gl-mt6000 Gl-axt1800 Gl-ar750 Gl-ar300m Gl-mt1300 Firmware Gl-a1300 Gl-ax1800 Firmware Gl-ar750s Gl-mt1300 Gl-ar300m Firmware Gl-mt6000 Firmware Gl-ax1800 Gl-axt1800 Firmware Gl-mt300n-v2

Configuration 1 [-]

AND

cpe:2.3:o:gl-inet:gl-mt1300_firmware:4.3.7:*:*:*:*:*:*:*

cpe:2.3:h:gl-inet:gl-mt1300:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:gl-inet:gl-mt300n-v2_firmware:4.3.7:*:*:*:*:*:*:*

cpe:2.3:h:gl-inet:gl-mt300n-v2:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:gl-inet:gl-ar750s_firmware:4.3.7:*:*:*:*:*:*:*

cpe:2.3:h:gl-inet:gl-ar750s:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:gl-inet:gl-ar750_firmware:4.3.7:*:*:*:*:*:*:*

cpe:2.3:h:gl-inet:gl-ar750:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:gl-inet:gl-ar300m_firmware:4.3.7:*:*:*:*:*:*:*

cpe:2.3:h:gl-inet:gl-ar300m:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:gl-inet:gl-b1300_firmware:4.3.7:*:*:*:*:*:*:*

cpe:2.3:h:gl-inet:gl-b1300:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:gl-inet:gl-mt6000_firmware:4.5.0:*:*:*:*:*:*:*

cpe:2.3:h:gl-inet:gl-mt6000:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:gl-inet:gl-a1300_firmware:4.4.6:*:*:*:*:*:*:*

cpe:2.3:h:gl-inet:gl-a1300:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:gl-inet:gl-ax1800_firmware:4.4.6:*:*:*:*:*:*:*

cpe:2.3:h:gl-inet:gl-ax1800:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:gl-inet:gl-axt1800_firmware:4.4.6:*:*:*:*:*:*:*

cpe:2.3:h:gl-inet:gl-axt1800:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:gl-inet:gl-mt3000_firmware:4.4.6:*:*:*:*:*:*:*

cpe:2.3:h:gl-inet:gl-mt3000:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:gl-inet:gl-mt2500_firmware:4.4.6:*:*:*:*:*:*:*

cpe:2.3:h:gl-inet:gl-mt2500:-:*:*:*:*:*:*:*

References

Link	Resource
https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Remote%20code%20execution%20due%20to%20gl_crontabs.md	Exploit Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2024-01-03T00:00:00

Updated: 2024-01-03T07:47:27.685463

Reserved: 2023-12-15T00:00:00

Link: CVE-2023-50922

JSON object: View

NVD Information

Status : Analyzed

Published: 2024-01-03T08:15:09.607

Modified: 2024-01-10T13:52:10.643

Link: CVE-2023-50922

JSON object: View

Redhat Information

No data.

CWE

CWE-434