Skip to main content

Gl Mt1300 Firmware CVE-2023-50445

HIGH
OS Command Injection (CWE-78)
2023-12-28 cve@mitre.org
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Dec 28, 2023 - 05:15 nvd
HIGH 7.8

DescriptionNVD

Shell Injection vulnerability GL.iNet A1300 v4.4.6, AX1800 v4.4.6, AXT1800 v4.4.6, MT3000 v4.4.6, MT2500 v4.4.6, MT6000 v4.5.0, MT1300 v4.3.7, MT300N-V2 v4.3.7, AR750S v4.3.7, AR750 v4.3.7, AR300M v4.3.7, and B1300 v4.3.7., allows local attackers to execute arbitrary code via the get_system_log and get_crash_log functions of the logread module, as well as the upgrade_online function of the upgrade module.

AnalysisAI

Shell Injection vulnerability GL.iNet A1300 v4.4.6, AX1800 v4.4.6, AXT1800 v4.4.6, MT3000 v4.4.6, MT2500 v4.4.6, MT6000 v4.5.0, MT1300 v4.3.7, MT300N-V2 v4.3.7, AR750S v4.3.7, AR750 v4.3.7, AR300M. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as OS Command Injection (CWE-78), which allows attackers to execute arbitrary operating system commands on the host. Shell Injection vulnerability GL.iNet A1300 v4.4.6, AX1800 v4.4.6, AXT1800 v4.4.6, MT3000 v4.4.6, MT2500 v4.4.6, MT6000 v4.5.0, MT1300 v4.3.7, MT300N-V2 v4.3.7, AR750S v4.3.7, AR750 v4.3.7, AR300M v4.3.7, and B1300 v4.3.7., allows local attackers to execute arbitrary code via the get_system_log and get_crash_log functions of the logread module, as well as the upgrade_online function of the upgrade module. Affected products include: Gl-Inet Gl-Mt1300 Firmware, Gl-Inet Gl-Mt300N-V2 Firmware, Gl-Inet Gl-Ar750S Firmware, Gl-Inet Gl-Ar750 Firmware, Gl-Inet Gl-Ar300M Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Avoid passing user input to shell commands. Use language-specific APIs instead of shell execution. Apply strict input validation with allowlists.

CVE-2023-50919 CRITICAL POC
9.8 Jan 12

An issue was discovered on GL.iNet devices before version 4.5.0. Rated critical severity (CVSS 9.8), this vulnerability

CVE-2023-31475 CRITICAL POC
9.8 May 11

An issue was discovered on GL.iNet devices before 3.216. Rated critical severity (CVSS 9.8), this vulnerability is remot

CVE-2023-31471 CRITICAL POC
9.8 May 10

An issue was discovered on GL.iNet devices before 3.216. Rated critical severity (CVSS 9.8), this vulnerability is remot

CVE-2023-31477 HIGH POC
7.5 May 11

A path traversal issue was discovered on GL.iNet devices before 3.216. Rated high severity (CVSS 7.5), this vulnerabilit

CVE-2023-31478 HIGH POC
7.5 May 09

An issue was discovered on GL.iNet devices before 3.216. Rated high severity (CVSS 7.5), this vulnerability is remotely

CVE-2023-31474 HIGH POC
7.5 May 09

An issue was discovered on GL.iNet devices before 3.216. Rated high severity (CVSS 7.5), this vulnerability is remotely

CVE-2023-31472 HIGH POC
7.5 May 09

An issue was discovered on GL.iNet devices before 3.216. Rated high severity (CVSS 7.5), this vulnerability is remotely

CVE-2023-50922 HIGH POC
7.2 Jan 03

An issue was discovered on GL.iNet devices through 4.5.0. Rated high severity (CVSS 7.2), this vulnerability is remotely

CVE-2023-50921 CRITICAL
9.8 Jan 03

An issue was discovered on GL.iNet devices through 4.5.0. Rated critical severity (CVSS 9.8), this vulnerability is remo

CVE-2023-50920 MEDIUM POC
5.5 Jan 12

An issue was discovered on GL.iNet devices before version 4.5.0. Rated medium severity (CVSS 5.5), this vulnerability is

CVE-2023-31473 MEDIUM POC
4.9 May 11

An issue was discovered on GL.iNet devices before 3.216. Rated medium severity (CVSS 4.9), this vulnerability is remotel

Share

CVE-2023-50445 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy