← Back

CVE-2023-50919

nvd nist
Published: Jan 12, 2024Modified: Jun 3, 2025

JSON object

Loading...
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD

Description

An issue was discovered on GL.iNet devices before version 4.5.0. There is an NGINX authentication bypass via Lua string pattern matching. This affects A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000 4.4.6, MT2500 4.4.6, MT6000 4.5.0, MT1300 4.3.7, MT300N-V2 4.3.7, AR750S 4.3.7, AR750 4.3.7, AR300M 4.3.7, and B1300 4.3.7.

Affected (24)

Gl Inet
12 products
Gl Ax1800 Firmware
Gl Axt1800 Firmware
Gl Mt3000 Firmware
Gl Mt2500 Firmware
Gl Mt6000 Firmware
Gl Mt1300 Firmware
Gl Mt300n V2 Firmware
Gl Ar750s Firmware
Gl Ar750 Firmware
Gl Ar300m Firmware
Gl B1300 Firmware
Gl A1300 Firmware
Configuration A
2 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Gl Inet
Gl Ax1800 Firmware
Version 4.3.7
Gl Ax1800 Firmware
Version 4.4.6
Running on/withPlatform Versions
Gl Inet
Gl Ax1800
All versions
Configuration B
2 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Gl Inet
Gl Axt1800 Firmware
Version 4.3.7
Gl Axt1800 Firmware
Version 4.4.6
Running on/withPlatform Versions
Gl Inet
Gl Axt1800
All versions
Configuration C
2 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Gl Inet
Gl Mt3000 Firmware
Version 4.3.7
Gl Mt3000 Firmware
Version 4.4.6
Running on/withPlatform Versions
Gl Inet
Gl Mt3000
All versions
Configuration D
2 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Gl Inet
Gl Mt2500 Firmware
Version 4.3.7
Gl Mt2500 Firmware
Version 4.4.6
Running on/withPlatform Versions
Gl Inet
Gl Mt2500
All versions
Configuration E
2 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Gl Inet
Gl Mt6000 Firmware
Version 4.3.7
Gl Mt6000 Firmware
Version 4.4.6
Running on/withPlatform Versions
Gl Inet
Gl Mt6000
All versions
Configuration F
2 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Gl Inet
Gl Mt1300 Firmware
Version 4.3.7
Gl Mt1300 Firmware
Version 4.4.6
Running on/withPlatform Versions
Gl Inet
Gl Mt1300
All versions
Configuration G
2 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Gl Inet
Gl Mt300n V2 Firmware
Version 4.3.7
Gl Mt300n V2 Firmware
Version 4.4.6
Running on/withPlatform Versions
Gl Inet
Gl Mt300n V2
All versions
Configuration H
2 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Gl Inet
Gl Ar750s Firmware
Version 4.3.7
Gl Ar750s Firmware
Version 4.4.6
Running on/withPlatform Versions
Gl Inet
Gl Ar750s
All versions
Configuration I
2 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Gl Inet
Gl Ar750 Firmware
Version 4.3.7
Gl Ar750 Firmware
Version 4.4.6
Running on/withPlatform Versions
Gl Inet
Gl Ar750
All versions
Configuration J
2 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Gl Inet
Gl Ar300m Firmware
Version 4.3.7
Gl Ar300m Firmware
Version 4.4.6
Running on/withPlatform Versions
Gl Inet
Gl Ar300m
All versions
Configuration K
2 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Gl Inet
Gl B1300 Firmware
Version 4.3.7
Gl B1300 Firmware
Version 4.4.6
Running on/withPlatform Versions
Gl Inet
Gl B1300
All versions
Configuration L
2 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Gl Inet
Gl A1300 Firmware
Version 4.3.7
Gl A1300 Firmware
Version 4.4.6
Running on/withPlatform Versions
Gl Inet
Gl A1300
All versions

Related CWEs

CWE-287
Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (4)

Source: cve@mitre.org
Source: cve@mitre.org
ExploitIssue TrackingVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitIssue TrackingVendor Advisory

Timeline

No history available yet.