logo
Vulnerability feed
CONTRIBUTE

Vulnerability

warn

CVE-2023-50922

Reference to the description:

https://nvd.nist.gov/vuln/detail/CVE-2023-50922

Description:
An issue was discovered on GL.iNet devices through 4.5.0. Attackers who are able to steal the AdminToken cookie can execute arbitrary code by uploading a crontab-formatted file to a specific directory and waiting for its execution. This affects A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000 4.4.6, MT2500 4.4.6, MT6000 4.5.0, MT1300 4.3.7, MT300N-V2 4.3.7, AR750S 4.3.7, AR750 4.3.7, AR300M 4.3.7, and B1300 4.3.7.
Last updated date:
01/10/2024
Type:
exploit
Confidence:
HIGH
Date of publishing:
01/10/2024
Reference url to background

https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Remote%20code%20execution%20due%20to%20gl_crontabs.md

Vulnerability FeedContributorsAboutBlog

@inTheWild

©2024

Privacy Policy