CVE-2023-50921

Published: Jan 3, 2024Modified: Jun 18, 2025

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

An issue was discovered on GL.iNet devices through 4.5.0. Attackers can invoke the add_user interface in the system module to gain root privileges. This affects A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000 4.4.6, MT2500 4.4.6, MT6000 4.5.0, MT1300 4.3.7, MT300N-V2 4.3.7, AR750S 4.3.7, AR750 4.3.7, AR300M 4.3.7, and B1300 4.3.7.

Affected (12)

Products: Gl Inet: Gl Mt1300 Firmware, Gl Mt300n V2 Firmware, Gl Ar750s Firmware, Gl Ar750 Firmware, Gl Ar300m Firmware, Gl B1300 Firmware, Gl Mt6000 Firmware, Gl A1300 Firmware, Gl Ax1800 Firmware, Gl Axt1800 Firmware, Gl Mt3000 Firmware, Gl Mt2500 Firmware

Gl Inet

12 products

Gl Mt1300 Firmware

Gl Mt300n V2 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Gl Inet Gl Mt1300 Firmware	Version 4.3.7

Running on/with	Platform Versions
Gl Inet Gl Mt1300	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Gl Inet Gl Mt300n V2 Firmware	Version 4.3.7

Running on/with	Platform Versions
Gl Inet Gl Mt300n V2	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Gl Inet Gl Ar750s Firmware	Version 4.3.7

Running on/with	Platform Versions
Gl Inet Gl Ar750s	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Gl Inet Gl Ar750 Firmware	Version 4.3.7

Running on/with	Platform Versions
Gl Inet Gl Ar750	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Gl Inet Gl Ar300m Firmware	Version 4.3.7

Running on/with	Platform Versions
Gl Inet Gl Ar300m	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Gl Inet Gl B1300 Firmware	Version 4.3.7

Running on/with	Platform Versions
Gl Inet Gl B1300	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Gl Inet Gl Mt6000 Firmware	Version 4.5.0

Running on/with	Platform Versions
Gl Inet Gl Mt6000	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Gl Inet Gl A1300 Firmware	Version 4.4.6

Running on/with	Platform Versions
Gl Inet Gl A1300	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Gl Inet Gl Ax1800 Firmware	Version 4.4.6

Running on/with	Platform Versions
Gl Inet Gl Ax1800	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Gl Inet Gl Axt1800 Firmware	Version 4.4.6

Running on/with	Platform Versions
Gl Inet Gl Axt1800	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Gl Inet Gl Mt3000 Firmware	Version 4.4.6

Running on/with	Platform Versions
Gl Inet Gl Mt3000	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Gl Inet Gl Mt2500 Firmware	Version 4.4.6

Running on/with	Platform Versions
Gl Inet Gl Mt2500	All versions

Related CWEs

CWE-269

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (2)

https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Add_user_vulnerability.md

Source: cve@mitre.org

Third Party Advisory

https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Add_user_vulnerability.md

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.