CVE-2023-50445
Severity CVSS v4.0:
Pending analysis
Type:
CWE-78
OS Command Injections
Publication date:
28/12/2023
Last modified:
03/07/2024
Description
Shell Injection vulnerability GL.iNet A1300 v4.4.6, AX1800 v4.4.6, AXT1800 v4.4.6, MT3000 v4.4.6, MT2500 v4.4.6, MT6000 v4.5.0, MT1300 v4.3.7, MT300N-V2 v4.3.7, AR750S v4.3.7, AR750 v4.3.7, AR300M v4.3.7, and B1300 v4.3.7., allows local attackers to execute arbitrary code via the get_system_log and get_crash_log functions of the logread module, as well as the upgrade_online function of the upgrade module.
Impact
Base Score 3.x
7.80
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:h:gl-inet:gl-mt1300:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:gl-inet:gl-mt1300_firmware:4.3.7:*:*:*:*:*:*:* | ||
| cpe:2.3:h:gl-inet:gl-mt300n-v2:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:gl-inet:gl-mt300n-v2_firmware:4.3.7:*:*:*:*:*:*:* | ||
| cpe:2.3:h:gl-inet:gl-ar750s:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:gl-inet:gl-ar750s_firmware:4.3.7:*:*:*:*:*:*:* | ||
| cpe:2.3:h:gl-inet:gl-ar750:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:gl-inet:gl-ar750_firmware:4.3.7:*:*:*:*:*:*:* | ||
| cpe:2.3:h:gl-inet:gl-ar300m:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:gl-inet:gl-ar300m_firmware:4.3.7:*:*:*:*:*:*:* | ||
| cpe:2.3:h:gl-inet:gl-b1300:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:gl-inet:gl-b1300_firmware:4.3.7:*:*:*:*:*:*:* | ||
| cpe:2.3:h:gl-inet:gl-mt6000:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:gl-inet:gl-mt6000_firmware:4.5.0:*:*:*:*:*:*:* | ||
| cpe:2.3:o:gl-inet:gl-a1300_firmware:4.4.6:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page