CVE-2023-50922

An issue was discovered on GL.iNet devices through 4.5.0. Attackers who are able to steal the AdminToken cookie can execute arbitrary code by uploading a crontab-formatted file to a specific directory and waiting for its execution. This affects A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000 4.4.6, MT2500 4.4.6, MT6000 4.5.0, MT1300 4.3.7, MT300N-V2 4.3.7, AR750S 4.3.7, AR750 4.3.7, AR300M 4.3.7, and B1300 4.3.7.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:gl-inet:gl-mt1300_firmware:4.3.7:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:gl-mt1300:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:gl-inet:gl-mt300n-v2_firmware:4.3.7:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:gl-mt300n-v2:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:gl-inet:gl-ar750s_firmware:4.3.7:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:gl-ar750s:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:gl-inet:gl-ar750_firmware:4.3.7:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:gl-ar750:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:gl-inet:gl-ar300m_firmware:4.3.7:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:gl-ar300m:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:gl-inet:gl-b1300_firmware:4.3.7:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:gl-b1300:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:gl-inet:gl-mt6000_firmware:4.5.0:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:gl-mt6000:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:gl-inet:gl-a1300_firmware:4.4.6:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:gl-a1300:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:gl-inet:gl-ax1800_firmware:4.4.6:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:gl-ax1800:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:gl-inet:gl-axt1800_firmware:4.4.6:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:gl-axt1800:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:gl-inet:gl-mt3000_firmware:4.4.6:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:gl-mt3000:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:gl-inet:gl-mt2500_firmware:4.4.6:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:gl-mt2500:-:*:*:*:*:*:*:*

History

21 Nov 2024, 08:37

Type Values Removed Values Added
References () https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Remote%20code%20execution%20due%20to%20gl_crontabs.md - Exploit, Third Party Advisory () https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Remote%20code%20execution%20due%20to%20gl_crontabs.md - Exploit, Third Party Advisory

10 Jan 2024, 13:52

Type Values Removed Values Added
CPE cpe:2.3:o:gl-inet:gl-axt1800_firmware:4.4.6:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:gl-b1300:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:gl-ar300m:-:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:gl-b1300_firmware:4.3.7:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:gl-ax1800:-:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:gl-ax1800_firmware:4.4.6:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:gl-mt3000_firmware:4.4.6:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:gl-mt2500:-:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:gl-ar300m_firmware:4.3.7:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:gl-mt1300:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:gl-a1300:-:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:gl-a1300_firmware:4.4.6:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:gl-ar750s_firmware:4.3.7:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:gl-mt6000_firmware:4.5.0:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:gl-mt6000:-:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:gl-mt1300_firmware:4.3.7:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:gl-mt300n-v2_firmware:4.3.7:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:gl-ar750_firmware:4.3.7:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:gl-ar750s:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:gl-axt1800:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:gl-mt300n-v2:-:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:gl-mt2500_firmware:4.4.6:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:gl-ar750:-:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:gl-mt3000:-:*:*:*:*:*:*:*
References () https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Remote%20code%20execution%20due%20to%20gl_crontabs.md - () https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Remote%20code%20execution%20due%20to%20gl_crontabs.md - Exploit, Third Party Advisory
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.2
CWE CWE-434
First Time Gl-inet gl-ar300m Firmware
Gl-inet gl-ar750s Firmware
Gl-inet gl-axt1800
Gl-inet gl-ar300m
Gl-inet gl-mt300n-v2 Firmware
Gl-inet gl-ar750s
Gl-inet gl-mt3000
Gl-inet gl-b1300
Gl-inet gl-mt2500 Firmware
Gl-inet gl-a1300 Firmware
Gl-inet gl-axt1800 Firmware
Gl-inet gl-mt2500
Gl-inet gl-ax1800 Firmware
Gl-inet gl-mt6000
Gl-inet gl-mt1300
Gl-inet gl-mt3000 Firmware
Gl-inet gl-mt300n-v2
Gl-inet gl-mt1300 Firmware
Gl-inet gl-mt6000 Firmware
Gl-inet gl-ax1800
Gl-inet
Gl-inet gl-ar750 Firmware
Gl-inet gl-a1300
Gl-inet gl-b1300 Firmware
Gl-inet gl-ar750

03 Jan 2024, 08:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-01-03 08:15

Updated : 2024-11-21 08:37


NVD link : CVE-2023-50922

Mitre link : CVE-2023-50922

CVE.ORG link : CVE-2023-50922


JSON object : View

Products Affected

gl-inet

  • gl-mt1300_firmware
  • gl-mt6000
  • gl-ar300m
  • gl-mt3000
  • gl-mt6000_firmware
  • gl-ar750s
  • gl-ar300m_firmware
  • gl-a1300_firmware
  • gl-mt2500
  • gl-mt300n-v2_firmware
  • gl-ax1800_firmware
  • gl-a1300
  • gl-b1300
  • gl-ar750_firmware
  • gl-mt1300
  • gl-ax1800
  • gl-axt1800_firmware
  • gl-ar750s_firmware
  • gl-b1300_firmware
  • gl-mt2500_firmware
  • gl-mt300n-v2
  • gl-ar750
  • gl-mt3000_firmware
  • gl-axt1800
CWE
CWE-434

Unrestricted Upload of File with Dangerous Type