|
|
|||
| Rule General Information |
|---|
| Release Date: | 2024-03-06 | |
| Rule Name: | GL.iNet Unauthenticated Remote Command Execution Vulnerability (CVE-2023-50445 CVE-2023-50919) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | Shell Injection vulnerability GL.iNet A1300 v4.4.6, AX1800 v4.4.6, AXT1800 v4.4.6, MT3000 v4.4.6, MT2500 v4.4.6, MT6000 v4.5.0, MT1300 v4.3.7, MT300N-V2 v4.3.7, AR750S v4.3.7, AR750 v4.3.7, AR300M v4.3.7, and B1300 v4.3.7., allows local attackers to execute arbitrary code via the get_system_log and get_crash_log functions of the logread module, as well as the upgrade_online function of the upgrade module. | |
| Impact: | An attacker can execute arbitrary command via a successful exploit in the context of the vulnerable software. | |
| Affected OS: | Windows, Linux, Others | |
| Reference: | https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Using https://cxsecurity.com/cveshow/CVE-2023-50445/ |
|
| Solutions |
|---|
| Refer to the announcement or patch by the vendor: https://www.gl-inet.com/ |