CVE-2023-50445
Severity: HIGH
WAF Coverage: High
CVSS 7.8
Published: 2023-12-28
CWE-78, CWE-77
A shell injection vulnerability in GL.iNet A1300 v4.4.6, AX1800 v4.4.6, AXT1800 v4.4.6, MT3000 v4.4.6, MT2500 v4.4.6, MT6000 v4.5.0, MT1300 v4.3.7, MT300N-V2 v4.3.7, AR750S v4.3.7, AR750 v4.3.7, AR300M v4.3.7, and B1300 v4.3.7 allows local attackers to execute arbitrary code via the get_system_log and get_crash_log functions of the logread module, as well as the upgrade_online function of the upgrade module.
WAF Coverage Analysis
| Weakness | WAF Coverage | OWASP | Rules |
|---|---|---|---|
| OS Command Injection | High | A03:2021 Injection | 932xxx - Remote Code Execution |
| Command Injection | High | A03:2021 Injection | 932xxx - Remote Code Execution |
Affected Software
| Vendor | Product | Version |
|---|---|---|
| gl-inet | gl-mt1300_firmware | 4.3.7 |
| gl-inet | gl-mt300n-v2_firmware | 4.3.7 |
| gl-inet | gl-ar750s_firmware | 4.3.7 |
| gl-inet | gl-ar750_firmware | 4.3.7 |
| gl-inet | gl-ar300m_firmware | 4.3.7 |
| gl-inet | gl-b1300_firmware | 4.3.7 |
| gl-inet | gl-mt6000_firmware | 4.5.0 |
| gl-inet | gl-a1300_firmware | 4.4.6 |
| gl-inet | gl-ax1800_firmware | 4.4.6 |
| gl-inet | gl-axt1800_firmware | 4.4.6 |
References
- packetstormsecurity.com
- github.com (Exploit, Third Party Advisory)