Vulnerability Details CVE-2023-50445
Shell Injection vulnerability GL.iNet A1300 v4.4.6, AX1800 v4.4.6, AXT1800 v4.4.6, MT3000 v4.4.6, MT2500 v4.4.6, MT6000 v4.5.0, MT1300 v4.3.7, MT300N-V2 v4.3.7, AR750S v4.3.7, AR750 v4.3.7, AR300M v4.3.7, and B1300 v4.3.7., allows local attackers to execute arbitrary code via the get_system_log and get_crash_log functions of the logread module, as well as the upgrade_online function of the upgrade module.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.026
EPSS Ranking 85.0%
CVSS Severity
CVSS v3 Score 7.8
References
- http://packetstormsecurity.com/files/176708/GL.iNet-Unauthenticated-Remote-Command-Execution.html
- https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Using%20Shell%20Metacharacter%20Injection%20via%20API.md
- http://packetstormsecurity.com/files/176708/GL.iNet-Unauthenticated-Remote-Command-Execution.html
- https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Using%20Shell%20Metacharacter%20Injection%20via%20API.md
Products affected by CVE-2023-50445
-
cpe:2.3:h:gl-inet:gl-a1300:-
-
cpe:2.3:h:gl-inet:gl-ar300m:-
-
cpe:2.3:h:gl-inet:gl-ar750:-
-
cpe:2.3:h:gl-inet:gl-ar750s:-
-
cpe:2.3:h:gl-inet:gl-ax1800:-
-
cpe:2.3:h:gl-inet:gl-axt1800:-
-
cpe:2.3:h:gl-inet:gl-b1300:-
-
cpe:2.3:h:gl-inet:gl-mt1300:-
-
cpe:2.3:h:gl-inet:gl-mt2500:-
-
cpe:2.3:h:gl-inet:gl-mt3000:-
-
cpe:2.3:h:gl-inet:gl-mt300n-v2:-
-
cpe:2.3:h:gl-inet:gl-mt6000:-
-
cpe:2.3:o:gl-inet:gl-a1300_firmware:4.4.6
-
cpe:2.3:o:gl-inet:gl-ar300m_firmware:4.3.7
-
cpe:2.3:o:gl-inet:gl-ar750_firmware:4.3.7
-
cpe:2.3:o:gl-inet:gl-ar750s_firmware:4.3.7
-
cpe:2.3:o:gl-inet:gl-ax1800_firmware:4.4.6
-
cpe:2.3:o:gl-inet:gl-axt1800_firmware:4.4.6
-
cpe:2.3:o:gl-inet:gl-b1300_firmware:4.3.7
-
cpe:2.3:o:gl-inet:gl-mt1300_firmware:4.3.7
-
cpe:2.3:o:gl-inet:gl-mt2500_firmware:4.4.6
-
cpe:2.3:o:gl-inet:gl-mt3000_firmware:4.4.6
-
cpe:2.3:o:gl-inet:gl-mt300n-v2_firmware:4.3.7
-
cpe:2.3:o:gl-inet:gl-mt6000_firmware:4.5.0