CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

237 matches found

Packet Storm•added 2024/01/24 12:0 a.m.•572 views

GL.iNet Unauthenticated Remote Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'digest/md5' class MetasploitModule 'GL.iNet Unauthenticated Remote Command Execution via the logread module.', 'Description' = %q A command injection...

9.8CVSS7.4AI score0.48084EPSS

Exploits5

NVD•added 2024/01/12 8:15 a.m.•13 views

CVE-2023-50920

An issue was discovered on GL.iNet devices before version 4.5.0. They assign the same session ID after each user reboot, allowing attackers to share session identifiers between different sessions and bypass authentication or access control measures. Attackers can impersonate legitimate users or...

5.5CVSS5.8AI score0.00196EPSS

Exploits1References1

NVD•added 2024/01/12 8:15 a.m.•22 views

CVE-2023-50919

An issue was discovered on GL.iNet devices before version 4.5.0. There is an NGINX authentication bypass via Lua string pattern matching. This affects A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000 4.4.6, MT2500 4.4.6, MT6000 4.5.0, MT1300 4.3.7, MT300N-V2 4.3.7, AR750S 4.3.7, AR750 4.3.7, AR30...

9.8CVSS9.8AI score0.48084EPSS

Exploits4References2

Prion•added 2024/01/12 8:15 a.m.•27 views

Authentication flaw

7.5CVSS7.5AI score0.48084EPSS

Exploits4References2Affected Software12

Prion•added 2024/01/12 8:15 a.m.•17 views

Authentication flaw

1.7CVSS7.6AI score0.00196EPSS

Exploits1References1Affected Software12

CNNVD•added 2024/01/12 12:0 a.m.•1 views

Various GL.iNet products Security Breach

GL.iNet MT3000 and others are products of China's GL.iNet GL.iNet. GL.iNet MT3000 is an AX3000 portable router that uses the Wi-Fi 6 protocol. the GL.iNet AR750S is a router. the GL.iNet AR750 is a router. A security vulnerability exists in several GL.iNet products that originates from assigning...

5.5CVSS6.9AI score0.00196EPSS

Exploits1References2

Vulnrichment•added 2024/01/12 12:0 a.m.•15 views

CVE-2023-50920

7.3AI score0.00196EPSS

Exploits1References1

Cvelist•added 2024/01/12 12:0 a.m.•29 views

CVE-2023-50919

10AI score0.48084EPSS

Exploits4References2

CVE•added 2024/01/12 12:0 a.m.•74 views

CVE-2023-50919

GL.iNet CVE-2023-50919 is an NGINX authentication bypass via Lua string pattern matching affecting multiple GL.iNet devices (e.g., A1300, AX1800, AXT1800, MT3000, MT2500, MT6000, MT1300, MT300N-V2, AR750S/750/300M, B1300, etc.) prior to firmware 4.5.0. The root cause is bypassing the authenticati...

9.8CVSS9.7AI score0.48084EPSS

In wildExploits4References2Affected Software1

CVE•added 2024/01/12 12:0 a.m.•40 views

CVE-2023-50920

GL.iNet devices prior to version 4.5.0 are affected by CVE-2023-50920, where the device assigns the same session ID after each reboot, enabling session ID reuse across sessions and bypassing authentication/access controls. Affected models include A1300 (4.4.6), AX1800 (4.4.6), AXT1800 (4.4.6), MT...

5.5CVSS5.7AI score0.00196EPSS

Exploits1References1Affected Software1

Cvelist•added 2024/01/12 12:0 a.m.•15 views

CVE-2023-50920

6AI score0.00196EPSS

Exploits1References1

Vulnrichment•added 2024/01/12 12:0 a.m.•6 views

CVE-2023-50919

9.8AI score0.48084EPSS

Exploits4References2

NVD•added 2024/01/03 9:15 a.m.•12 views

CVE-2023-50921

An issue was discovered on GL.iNet devices through 4.5.0. Attackers can invoke the adduser interface in the system module to gain root privileges. This affects A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000 4.4.6, MT2500 4.4.6, MT6000 4.5.0, MT1300 4.3.7, MT300N-V2 4.3.7, AR750S 4.3.7, AR750...

9.8CVSS9.6AI score0.00519EPSS

Exploits0References1

Prion•added 2024/01/03 9:15 a.m.•17 views

Code injection

7.5CVSS7.5AI score0.00519EPSS

Exploits0References1Affected Software12

NVD•added 2024/01/03 8:15 a.m.•14 views

CVE-2023-50922

An issue was discovered on GL.iNet devices through 4.5.0. Attackers who are able to steal the AdminToken cookie can execute arbitrary code by uploading a crontab-formatted file to a specific directory and waiting for its execution. This affects A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000...

7.2CVSS7.4AI score0.00861EPSS

Exploits1References1

Vulnrichment•added 2024/01/03 12:0 a.m.•2 views

CVE-2023-50921

7.5AI score0.00519EPSS

Exploits0References1

Cvelist•added 2024/01/03 12:0 a.m.•10 views

CVE-2023-50922

7.6AI score0.00861EPSS

Exploits1References1

CVE•added 2024/01/03 12:0 a.m.•54 views

CVE-2023-50922

CVE-2023-50922 affects GL.iNet devices through version 4.5.0. An attacker who can steal the AdminToken cookie can achieve remote code execution by uploading a crontab-formatted file to a specific directory and waiting for it to run. Affected models/versions include A1300 4.4.6, AX1800 4.4.6, AXT1...

7.2CVSS7.4AI score0.00861EPSS

Exploits1References1Affected Software1

CVE•added 2024/01/03 12:0 a.m.•50 views

CVE-2023-50921

CVE-2023-50921 affects GL.iNet devices (multiple models and firmware versions including A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000 4.4.6, MT2500 4.4.6, MT6000 4.5.0, MT1300 4.3.7, MT300N-V2 4.3.7, AR750S/AR750/AR300M 4.3.7, B1300 4.3.7). The issue allows attackers to invoke the add_user int...

9.8CVSS9.5AI score0.00519EPSS

Exploits0References1Affected Software1

Cvelist•added 2024/01/03 12:0 a.m.•14 views

CVE-2023-50921

9.8AI score0.00519EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by