HIGH · 7.8

CVE-2023-50445

Vulnerability Description

Shell injection vulnerability in GL.iNet A1300 v4.4.6, AX1800 v4.4.6, AXT1800 v4.4.6, MT3000 v4.4.6, MT2500 v4.4.6, MT6000 v4.5.0, MT1300 v4.3.7, MT300N-V2 v4.3.7, AR750S v4.3.7, AR750 v4.3.7, AR300M v4.3.7, and B1300 v4.3.7 allows local attackers to execute arbitrary code via the get_system_log and get_crash_log functions of the logread module, as well as the upgrade_online function of the upgrade module.

CVSS Score

7.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: HIGH
Integrity: HIGH
Availability: HIGH

Affected Products

| Vendor | Product | Versions |
|---|---|---|
| Gl-Inet | Gl-Mt1300 Firmware | 4.3.7 |
| Gl-Inet | Gl-Mt1300 | - |
| Gl-Inet | Gl-Mt300N-V2 Firmware | 4.3.7 |
| Gl-Inet | Gl-Mt300N-V2 | - |
| Gl-Inet | Gl-Ar750S Firmware | 4.3.7 |
| Gl-Inet | Gl-Ar750S | - |
| Gl-Inet | Gl-Ar750 Firmware | 4.3.7 |
| Gl-Inet | Gl-Ar750 | - |
| Gl-Inet | Gl-Ar300M Firmware | 4.3.7 |
| Gl-Inet | Gl-Ar300M | - |
| Gl-Inet | Gl-B1300 Firmware | 4.3.7 |
| Gl-Inet | Gl-B1300 | - |
| Gl-Inet | Gl-Mt6000 Firmware | 4.5.0 |
| Gl-Inet | Gl-Mt6000 | - |
| Gl-Inet | Gl-A1300 Firmware | 4.4.6 |
| Gl-Inet | Gl-A1300 | - |
| Gl-Inet | Gl-Ax1800 Firmware | 4.4.6 |
| Gl-Inet | Gl-Ax1800 | - |
| Gl-Inet | Gl-Axt1800 Firmware | 4.4.6 |
| Gl-Inet | Gl-Axt1800 | - |

Related Weaknesses (CWE)

References

FAQ

What is CVE-2023-50445?

CVE-2023-50445 is a vulnerability with a CVSS score of 7.8 (HIGH). Shell injection vulnerability in GL.iNet A1300 v4.4.6, AX1800 v4.4.6, AXT1800 v4.4.6, MT3000 v4.4.6, MT2500 v4.4.6, MT6000 v4.5.0, MT1300 v4.3.7, MT300N-V2 v4.3.7, AR750S v4.3.7, AR750 v4.3.7, AR300M v4....

How severe is CVE-2023-50445?

CVE-2023-50445 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for a detailed severity breakdown.

Is there a patch for CVE-2023-50445?

Check the references section above for vendor advisories and patch information. Affected products include: Gl-Inet Gl-Mt1300 Firmware, Gl-Inet Gl-Mt1300, Gl-Inet Gl-Mt300N-V2 Firmware, Gl-Inet Gl-Mt300N-V2, Gl-Inet Gl-Ar750S Firmware.