CVE-2023-50921
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
03/01/2024
Last modified:
18/06/2025
Description
An issue was discovered on GL.iNet devices through 4.5.0. Attackers can invoke the add_user interface in the system module to gain root privileges. This affects A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000 4.4.6, MT2500 4.4.6, MT6000 4.5.0, MT1300 4.3.7, MT300N-V2 4.3.7, AR750S 4.3.7, AR750 4.3.7, AR300M 4.3.7, and B1300 4.3.7.
Impact
Base Score 3.x
9.80
Severity 3.x
CRITICAL
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:gl-inet:gl-mt1300_firmware:4.3.7:*:*:*:*:*:*:* | ||
| cpe:2.3:h:gl-inet:gl-mt1300:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:gl-inet:gl-mt300n-v2_firmware:4.3.7:*:*:*:*:*:*:* | ||
| cpe:2.3:h:gl-inet:gl-mt300n-v2:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:gl-inet:gl-ar750s_firmware:4.3.7:*:*:*:*:*:*:* | ||
| cpe:2.3:h:gl-inet:gl-ar750s:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:gl-inet:gl-ar750_firmware:4.3.7:*:*:*:*:*:*:* | ||
| cpe:2.3:h:gl-inet:gl-ar750:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:gl-inet:gl-ar300m_firmware:4.3.7:*:*:*:*:*:*:* | ||
| cpe:2.3:h:gl-inet:gl-ar300m:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:gl-inet:gl-b1300_firmware:4.3.7:*:*:*:*:*:*:* | ||
| cpe:2.3:h:gl-inet:gl-b1300:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:gl-inet:gl-mt6000_firmware:4.5.0:*:*:*:*:*:*:* | ||
| cpe:2.3:h:gl-inet:gl-mt6000:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:gl-inet:gl-a1300_firmware:4.4.6:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page