3325 matches found
CVE-2023-50919
GL.iNet CVE-2023-50919 describes an NGINX auth-bypass via Lua pattern matching affecting multiple GL.iNet devices (various models and firmware versions up to 4.5.0). A separate Metasploit module (GL.iNet Unauthenticated Remote Command Execution via the logread module) combines this bypass with an...
CVE-2023-50919
An issue was discovered on GL.iNet devices before version 4.5.0. There is an NGINX authentication bypass via Lua string pattern matching. This affects A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000 4.4.6, MT2500 4.4.6, MT6000 4.5.0, MT1300 4.3.7, MT300N-V2 4.3.7, AR750S 4.3.7, AR750 4.3.7, AR30...
GL.iNet Multiple Products Operating System Command Injection Vulnerability
The GL.iNet MT6000 and other models are routers from the Chinese vendor GL.iNet. An operating system command injection vulnerability exists in several GL.iNet products. The vulnerability stems from the fact that NGINX authentication can be bypassed via Lua string pattern matching, which can be exploited by an...
CVE-2023-52252
Unified Remote 3.13.0 allows remote attackers to execute arbitrary Lua code because of a wildcarded Access-Control-Allow-Origin for the Remote upload endpoint...
Design/Logic Flaw
Unified Remote 3.13.0 allows remote attackers to execute arbitrary Lua code because of a wildcarded Access-Control-Allow-Origin for the Remote upload endpoint...
Unified Remote Security Vulnerability
Unified Remote is a smartphone application that enables a cell phone to become a wireless universal remote control. A security vulnerability exists in Unified Remote version 3.13.0, which stems from a security issue in the wildcard Access-Control-Allow-Origin for remote upload endpoints, allowing...
PT-2023-31943 · Unknown · Unified Remote
Name of the Vulnerable Software and Affected Versions: Unified Remote version 3.13.0 Description: The issue allows remote attackers to execute arbitrary Lua code because of a wildcarded Access-Control-Allow-Origin for the "Remote upload endpoint". Recommendations: For Unified Remote version 3.13....
Rhadamanthys Malware: Swiss Army Knife of Information Stealers Emerges
The developers of the information stealer malware known as Rhadamanthys are actively iterating on its features, broadening its information-gathering capabilities and also incorporating a plugin system to make it more customizable. This approach not only transforms it into a threat capable of...
PT-2023-8297 · Gl.Inet +1 · Gl.Inet +1
Name of the Vulnerable Software and Affected Versions: GL.iNet devices versions prior to 4.5.0 Description: An issue was discovered in GL.iNet devices, where there is an NGINX authentication bypass via Lua string pattern matching. This allows a remote attacker to bypass authentication and gain...
USN-6531-1 redis vulnerabilities
Seiya Nakata and Yudai Fujiwara discovered that Redis incorrectly handled certain specially crafted Lua scripts. An attacker could possibly use this issue to cause heap corruption and execute arbitrary code. CVE-2022-24834 SeungHyun Lee discovered that Redis incorrectly handled specially crafted...
Rocky Linux 8 : redis:6 (RLSA-2021:3945)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:3945 advisory. - Redis is an open source, in-memory database that persists on disk. In affected versions specially crafted Lua scripts executing in Redis can cause the...
Rocky Linux 9 : lua (RLSA-2022:7329)
The remote Rocky Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:7329 advisory. - An issue in the component luaG_runerror of Lua v5.4.4 and below leads to a heap-buffer overflow when a recursive error occurs. CVE-2022-33099 Note that Nessus h...
Rocky Linux 8 : lua (RLSA-2021:4510)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2021:4510 advisory. - ldebug.c in Lua 5.4.0 allows a negation overflow and segmentation fault in getlocal and setlocal, as demonstrated by getlocal(3,2^31). CVE-2020-24370 Note that...
Rocky Linux 8 : lua (RLSA-2019:3706)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2019:3706 advisory. - Lua 5.3.5 has a use-after-free in lua_upvaluejoin in lapi.c. For example, a crash outcome might be achieved by an attacker who is able to trigger a...
Rocky Linux 8 : redis:5 (RLSA-2021:3918)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:3918 advisory. - Redis is an open source, in-memory database that persists on disk. In affected versions specially crafted Lua scripts executing in Redis can cause the...
[SECURITY] Fedora 39 Update: redis-7.2.2-1.fc39
Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing se...