Insecure Permissions vulnerability in GL.iNet AX1800 version 4.0.0 before 4.5.0 allows a remote attacker to execute arbitrary code via a crafted script to the gl_nas_sys authentication function.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HGl Inet Gl Ax1800
HWGl-Inetwszystkie wersjeGl Inet Gl Ax1800 Firmware
OSGl-Inet4.0.0 – 4.5.0 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
Related vulnerabilities
CVE-2023-50919CRITICAL9.8PL ✓ten sam produkt
GL.iNet — Authentication Bypass w NGINX przez dopasowanie wzorców Lua
CVE-2023-50921CRITICAL9.8PL ✓ten sam produkt
GL.iNet: privilege escalation przez interfejs add_user do uprawnień root
CVE-2023-47462CRITICAL9.8PL ✓ten sam produkt
Nieprawidłowe uprawnienia w GL.iNet AX1800 umożliwiające zdalne wykonanie kodu
CVE-2023-31475CRITICAL9.8ten sam produkt
An issue was discovered on GL.iNet devices before 3.216. The function guci2_get() found in libglutil.so has a ...
CVE-2023-31471CRITICAL9.8ten sam produkt
An issue was discovered on GL.iNet devices before 3.216. Through the software installation feature, it is poss...