CVE-2023-50922
published 2024-01-03CVE-2023-50922: An issue was discovered on GL.iNet devices through 4.5.0. Attackers who are able to steal the AdminToken cookie can execute arbitrary code by uploading a…
PriorityP343high7.2CVSS 3.1
AVNACLPRHUINSUCHIHAH
EPSS
0.86%
53.9th percentile
An issue was discovered on GL.iNet devices through 4.5.0. Attackers who are able to steal the AdminToken cookie can execute arbitrary code by uploading a crontab-formatted file to a specific directory and waiting for its execution. This affects A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000 4.4.6, MT2500 4.4.6, MT6000 4.5.0, MT1300 4.3.7, MT300N-V2 4.3.7, AR750S 4.3.7, AR750 4.3.7, AR300M 4.3.7, and B1300 4.3.7.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| gl-inet | gl-a1300_firmware | — | — |
| gl-inet | gl-ar300m_firmware | — | — |
| gl-inet | gl-ar750_firmware | — | — |
| gl-inet | gl-ar750s_firmware | — | — |
| gl-inet | gl-ax1800_firmware | — | — |
| gl-inet | gl-axt1800_firmware | — | — |
| gl-inet | gl-b1300_firmware | — | — |
| gl-inet | gl-mt1300_firmware | — | — |
| gl-inet | gl-mt2500_firmware | — | — |
| gl-inet | gl-mt3000_firmware | — | — |
| gl-inet | gl-mt300n-v2_firmware | — | — |
| gl-inet | gl-mt6000_firmware | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2024-01-03
Published