An issue was discovered on GL.iNet devices through 4.5.0. Attackers who are able to steal the AdminToken cookie can execute arbitrary code by uploading a crontab-formatted file to a specific directory and waiting for its execution. This affects A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000 4.4.6, MT2500 4.4.6, MT6000 4.5.0, MT1300 4.3.7, MT300N-V2 4.3.7, AR750S 4.3.7, AR750 4.3.7, AR300M 4.3.7, and B1300 4.3.7.
References
Link | Resource |
---|---|
https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Remote%20code%20execution%20due%20to%20gl_crontabs.md | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
Configuration 8 (hide)
AND |
|
Configuration 9 (hide)
AND |
|
Configuration 10 (hide)
AND |
|
Configuration 11 (hide)
AND |
|
Configuration 12 (hide)
AND |
|
History
10 Jan 2024, 13:52
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Remote%20code%20execution%20due%20to%20gl_crontabs.md - Exploit, Third Party Advisory | |
First Time |
Gl-inet gl-ar300m Firmware
Gl-inet gl-ar750s Firmware Gl-inet gl-axt1800 Gl-inet gl-ar300m Gl-inet gl-mt300n-v2 Firmware Gl-inet gl-ar750s Gl-inet gl-mt3000 Gl-inet gl-b1300 Gl-inet gl-mt2500 Firmware Gl-inet gl-a1300 Firmware Gl-inet gl-axt1800 Firmware Gl-inet gl-mt2500 Gl-inet gl-ax1800 Firmware Gl-inet gl-mt6000 Gl-inet gl-mt1300 Gl-inet gl-mt3000 Firmware Gl-inet gl-mt300n-v2 Gl-inet gl-mt1300 Firmware Gl-inet gl-mt6000 Firmware Gl-inet gl-ax1800 Gl-inet Gl-inet gl-ar750 Firmware Gl-inet gl-a1300 Gl-inet gl-b1300 Firmware Gl-inet gl-ar750 |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.2 |
CWE | CWE-434 | |
CPE | cpe:2.3:o:gl-inet:gl-axt1800_firmware:4.4.6:*:*:*:*:*:*:* cpe:2.3:h:gl-inet:gl-b1300:-:*:*:*:*:*:*:* cpe:2.3:h:gl-inet:gl-ar300m:-:*:*:*:*:*:*:* cpe:2.3:o:gl-inet:gl-b1300_firmware:4.3.7:*:*:*:*:*:*:* cpe:2.3:h:gl-inet:gl-ax1800:-:*:*:*:*:*:*:* cpe:2.3:o:gl-inet:gl-ax1800_firmware:4.4.6:*:*:*:*:*:*:* cpe:2.3:o:gl-inet:gl-mt3000_firmware:4.4.6:*:*:*:*:*:*:* cpe:2.3:h:gl-inet:gl-mt2500:-:*:*:*:*:*:*:* cpe:2.3:o:gl-inet:gl-ar300m_firmware:4.3.7:*:*:*:*:*:*:* cpe:2.3:h:gl-inet:gl-mt1300:-:*:*:*:*:*:*:* cpe:2.3:h:gl-inet:gl-a1300:-:*:*:*:*:*:*:* cpe:2.3:o:gl-inet:gl-a1300_firmware:4.4.6:*:*:*:*:*:*:* cpe:2.3:o:gl-inet:gl-ar750s_firmware:4.3.7:*:*:*:*:*:*:* cpe:2.3:o:gl-inet:gl-mt6000_firmware:4.5.0:*:*:*:*:*:*:* cpe:2.3:h:gl-inet:gl-mt6000:-:*:*:*:*:*:*:* cpe:2.3:o:gl-inet:gl-mt1300_firmware:4.3.7:*:*:*:*:*:*:* cpe:2.3:o:gl-inet:gl-mt300n-v2_firmware:4.3.7:*:*:*:*:*:*:* cpe:2.3:o:gl-inet:gl-ar750_firmware:4.3.7:*:*:*:*:*:*:* cpe:2.3:h:gl-inet:gl-ar750s:-:*:*:*:*:*:*:* cpe:2.3:h:gl-inet:gl-axt1800:-:*:*:*:*:*:*:* cpe:2.3:h:gl-inet:gl-mt300n-v2:-:*:*:*:*:*:*:* cpe:2.3:o:gl-inet:gl-mt2500_firmware:4.4.6:*:*:*:*:*:*:* cpe:2.3:h:gl-inet:gl-ar750:-:*:*:*:*:*:*:* cpe:2.3:h:gl-inet:gl-mt3000:-:*:*:*:*:*:*:* |
03 Jan 2024, 08:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-01-03 08:15
Updated : 2024-02-28 20:54
NVD link : CVE-2023-50922
Mitre link : CVE-2023-50922
CVE.ORG link : CVE-2023-50922
JSON object : View
Products Affected
gl-inet
- gl-a1300
- gl-mt6000_firmware
- gl-ar750s
- gl-ar300m
- gl-ax1800_firmware
- gl-ar750_firmware
- gl-mt300n-v2
- gl-mt300n-v2_firmware
- gl-axt1800
- gl-ar750s_firmware
- gl-mt1300
- gl-axt1800_firmware
- gl-mt2500
- gl-b1300
- gl-mt2500_firmware
- gl-ar750
- gl-mt3000
- gl-ar300m_firmware
- gl-b1300_firmware
- gl-mt3000_firmware
- gl-mt6000
- gl-ax1800
- gl-a1300_firmware
- gl-mt1300_firmware
CWE
CWE-434
Unrestricted Upload of File with Dangerous Type