Lucene search
HistoryDec 12, 2023 - 3:15 p.m.
CVE-2023-46455
gl.inet
gl-ar300m
routers
firmware
v4.3.7
path traversal
attack
nvd
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
0.0005 Low
EPSS
Percentile
18.1%
In GL.iNET GL-AR300M routers with firmware v4.3.7 it is possible to write arbitrary files through a path traversal attack in the OpenVPN client file upload functionality.
Affected configurations
Node
gl-inetgl-ar300m_firmwareMatch4.3.7
gl-inetgl-ar300mMatch-
| CPE | Name | Operator | Version |
|---|---|---|---|
| gl-inet:gl-ar300m_firmware | gl-inet gl-ar300m firmware | eq | 4.3.7 |
Related
cvelist
cvelist
CVE-2023-46455
2023-12-12 00:00:00
nvd
nvd
CVE-2023-46455
2023-12-12 15:15:07
exploitdb
exploitdb
GL.iNet AR300M v4.3.7 Arbitrary File Read - CVE-2023-46455 Exploit
2024-03-03 00:00:00
prion
prion
Path traversal
2023-12-12 15:15:00
packetstorm
packetstorm
GL.iNet AR300M 4.3.7 Arbitrary File Write
2024-03-04 00:00:00
zdt
zdt
GL.iNet AR300M v4.3.7 Arbitrary File Read Exploit
2024-03-04 00:00:00
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
0.0005 Low
EPSS
Percentile
18.1%
Related for CVE-2023-46455