ГлавнаяУязвимости → CVE-2023-50919
9.8критическая

CVE-2023-50919

Описание

An issue was discovered on GL.iNet devices before version 4.5.0. There is an NGINX authentication bypass via Lua string pattern matching. This affects A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000 4.4.6, MT2500 4.4.6, MT6000 4.5.0, MT1300 4.3.7, MT300N-V2 4.3.7, AR750S 4.3.7, AR750 4.3.7, AR300M 4.3.7, and B1300 4.3.7.

Затрагиваемое ПО
Gl-inet Gl-ax1800 firmwareGl-inet Gl-ax1800Gl-inet Gl-axt1800 firmwareGl-inet Gl-axt1800Gl-inet Gl-mt3000 firmwareGl-inet Gl-mt3000Gl-inet Gl-mt2500 firmwareGl-inet Gl-mt2500Gl-inet Gl-mt6000 firmwareGl-inet Gl-mt6000Gl-inet Gl-mt1300 firmwareGl-inet Gl-mt1300Gl-inet Gl-mt300n-v2 firmwareGl-inet Gl-mt300n-v2Gl-inet Gl-ar750s firmwareGl-inet Gl-ar750sGl-inet Gl-ar750 firmwareGl-inet Gl-ar750Gl-inet Gl-ar300m firmwareGl-inet Gl-ar300mGl-inet Gl-b1300 firmwareGl-inet Gl-b1300Gl-inet Gl-a1300 firmwareGl-inet Gl-a1300
CVSS
Балл9.8 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Источники
http://packetstormsecurity.com/files/176708/GL.iNet-Unauthenticated-Remote-Command-Execution.htmlhttps://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Authentication-bypass.mdhttp://packetstormsecurity.com/files/176708/GL.iNet-Unauthenticated-Remote-Command-Execution.htmlhttps://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Authentication-bypass.md