5 matches found
VulnCheck KEV: CVE-2023-50919
An issue was discovered on GL.iNet devices before version 4.5.0. There is an NGINX authentication bypass via Lua string pattern matching. This affects A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000 4.4.6, MT2500 4.4.6, MT6000 4.5.0, MT1300 4.3.7, MT300N-V2 4.3.7, AR750S 4.3.7, AR750 4.3.7, AR30...
GL.iNet Unauthenticated Remote Command Execution via the logread module.
A command injection vulnerability exists in multiple GL.iNet network products, allowing an attacker to inject and execute arbitrary shell commands via JSON parameters at the glsystemlog and glcrashlog interface in the logread module. This exploit requires post-authentication using the Admin-Token...
GL.iNet Unauthenticated Remote Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'digest/md5' class MetasploitModule 'GL.iNet Unauthenticated Remote Command Execution via the logread module.', 'Description' = %q A command injection...
CVE-2023-50919
creationtimestamp| type| source ---|---|--- 2024-01-12 09:26:42+00:00| seen| https://t.me/ctinow/167149 2024-01-19 08:17:07+00:00| seen| https://t.me/ctinow/170095 2024-01-23 20:16:11+00:00| seen|...
CVE-2023-50919
GL.iNet CVE-2023-50919 describes an NGINX auth-bypass via Lua pattern matching affecting multiple GL.iNet devices (various models and firmware versions up to 4.5.0). A separate Metasploit module (GL.iNet Unauthenticated Remote Command Execution via the logread module) combines this bypass with an...