CVE-2023-50922

Published: Jan 3, 2024Modified: Jun 3, 2025

7.2

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.2 / Impact: 5.9

Source: NVD

Description

An issue was discovered on GL.iNet devices through 4.5.0. Attackers who are able to steal the AdminToken cookie can execute arbitrary code by uploading a crontab-formatted file to a specific directory and waiting for its execution. This affects A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000 4.4.6, MT2500 4.4.6, MT6000 4.5.0, MT1300 4.3.7, MT300N-V2 4.3.7, AR750S 4.3.7, AR750 4.3.7, AR300M 4.3.7, and B1300 4.3.7.

Affected (12)

Products: Gl Inet: Gl Mt1300 Firmware, Gl Mt300n V2 Firmware, Gl Ar750s Firmware, Gl Ar750 Firmware, Gl Ar300m Firmware, Gl B1300 Firmware, Gl Mt6000 Firmware, Gl A1300 Firmware, Gl Ax1800 Firmware, Gl Axt1800 Firmware, Gl Mt3000 Firmware, Gl Mt2500 Firmware

Gl Inet

12 products

Gl Mt1300 Firmware

Gl Mt300n V2 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Gl Inet Gl Mt1300 Firmware	Version 4.3.7

Running on/with	Platform Versions
Gl Inet Gl Mt1300	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Gl Inet Gl Mt300n V2 Firmware	Version 4.3.7

Running on/with	Platform Versions
Gl Inet Gl Mt300n V2	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Gl Inet Gl Ar750s Firmware	Version 4.3.7

Running on/with	Platform Versions
Gl Inet Gl Ar750s	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Gl Inet Gl Ar750 Firmware	Version 4.3.7

Running on/with	Platform Versions
Gl Inet Gl Ar750	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Gl Inet Gl Ar300m Firmware	Version 4.3.7

Running on/with	Platform Versions
Gl Inet Gl Ar300m	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Gl Inet Gl B1300 Firmware	Version 4.3.7

Running on/with	Platform Versions
Gl Inet Gl B1300	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Gl Inet Gl Mt6000 Firmware	Version 4.5.0

Running on/with	Platform Versions
Gl Inet Gl Mt6000	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Gl Inet Gl A1300 Firmware	Version 4.4.6

Running on/with	Platform Versions
Gl Inet Gl A1300	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Gl Inet Gl Ax1800 Firmware	Version 4.4.6

Running on/with	Platform Versions
Gl Inet Gl Ax1800	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Gl Inet Gl Axt1800 Firmware	Version 4.4.6

Running on/with	Platform Versions
Gl Inet Gl Axt1800	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Gl Inet Gl Mt3000 Firmware	Version 4.4.6

Running on/with	Platform Versions
Gl Inet Gl Mt3000	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Gl Inet Gl Mt2500 Firmware	Version 4.4.6

Running on/with	Platform Versions
Gl Inet Gl Mt2500	All versions

Related CWEs

CWE-434

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (2)

https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Remote%20code%20execution%20due%20to%20gl_crontabs.md

Source: cve@mitre.org

ExploitThird Party Advisory

https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Remote%20code%20execution%20due%20to%20gl_crontabs.md

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.