CVE-2023-50445: OS Command Injection
First published: Thu Dec 28 2023(Updated: )
Shell Injection vulnerability GL.iNet A1300 v4.4.6, AX1800 v4.4.6, AXT1800 v4.4.6, MT3000 v4.4.6, MT2500 v4.4.6, MT6000 v4.5.0, MT1300 v4.3.7, MT300N-V2 v4.3.7, AR750S v4.3.7, AR750 v4.3.7, AR300M v4.3.7, and B1300 v4.3.7., allows local attackers to execute arbitrary code via the get_system_log and get_crash_log functions of the logread module, as well as the upgrade_online function of the upgrade module.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| GL.iNet GL-MT1300 | ||
| GL.iNet GL-MT1300 Firmware | =4.3.7 | |
| All of | ||
| gl-inet gl-mt300n-v2 firmware | ||
| GL.iNet GL-MT300N-V2 Firmware | =4.3.7 | |
| All of | ||
| GL.iNet GL-AR750 Firmware | ||
| GL.iNet GL-AR750 Firmware | =4.3.7 | |
| All of | ||
| GL.iNet GL-AR750 Firmware | ||
| GL.iNet GL-AR750 Firmware | =4.3.7 | |
| All of | ||
| GL.iNet GL-AR300M Firmware | ||
| GL.iNet GL-AR300M Firmware | =4.3.7 | |
| All of | ||
| GL.iNet GL-B1300 Firmware | ||
| GL.iNet GL-B1300 Firmware | =4.3.7 | |
| All of | ||
| GL.iNet GL-MT6000 | ||
| GL.iNet GL-MT6000 | =4.5.0 | |
| All of | ||
| GL.iNet GL-A1300 Firmware | =4.4.6 | |
| GL.iNet GL-A1300 Firmware | ||
| All of | ||
| Netgear Nighthawk AX1800 Firmware | =4.4.6 | |
| GL.iNet GL-AX1800 | ||
| All of | ||
| gl-inet gl-axt1800 | =4.4.6 | |
| GL.iNet GL-AX1800 | ||
| All of | ||
| GL.iNet GL-MT3000 Firmware | =4.4.6 | |
| GL.iNet GL-MT3000 | ||
| All of | ||
| GL.iNet GL-MT2500 | =4.4.6 | |
| GL.iNet GL-MT2500 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2023-50445?
CVE-2023-50445 has been assigned a severity rating due to its potential for local code execution via shell injection.
How do I fix CVE-2023-50445?
To fix CVE-2023-50445, update to the latest firmware version provided by GL.iNet that addresses this vulnerability.
What systems are affected by CVE-2023-50445?
Devices affected by CVE-2023-50445 include GL.iNet A1300 v4.4.6, AX1800 v4.4.6, MT3000 v4.4.6, and several other models, primarily those with specific firmware versions.
Can CVE-2023-50445 be exploited remotely?
CVE-2023-50445 requires local access to the device, which limits its exploitation level to users with physical access.
What are the consequences of exploiting CVE-2023-50445?
Exploiting CVE-2023-50445 can allow an attacker to execute arbitrary commands on the vulnerable device, potentially compromising its functionality and security.
- agent/type
- agent/first-publish-date
- agent/severity
- agent/author
- agent/references
- agent/description
- agent/weakness
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/gl-inet
- canonical/gl.inet gl-mt1300
- canonical/gl.inet gl-mt1300 firmware
- version/gl.inet gl-mt1300 firmware/4.3.7
- canonical/gl-inet gl-mt300n-v2 firmware
- canonical/gl.inet gl-mt300n-v2 firmware
- version/gl.inet gl-mt300n-v2 firmware/4.3.7
- canonical/gl.inet gl-ar750 firmware
- version/gl.inet gl-ar750 firmware/4.3.7
- canonical/gl.inet gl-ar300m firmware
- version/gl.inet gl-ar300m firmware/4.3.7
- canonical/gl.inet gl-b1300 firmware
- version/gl.inet gl-b1300 firmware/4.3.7
- canonical/gl.inet gl-mt6000
- version/gl.inet gl-mt6000/4.5.0
- canonical/gl.inet gl-a1300 firmware
- version/gl.inet gl-a1300 firmware/4.4.6
- canonical/netgear nighthawk ax1800 firmware
- version/netgear nighthawk ax1800 firmware/4.4.6
- canonical/gl.inet gl-ax1800
- canonical/gl-inet gl-axt1800
- version/gl-inet gl-axt1800/4.4.6
- canonical/gl.inet gl-mt3000 firmware
- version/gl.inet gl-mt3000 firmware/4.4.6
- canonical/gl.inet gl-mt3000
- canonical/gl.inet gl-mt2500
- version/gl.inet gl-mt2500/4.4.6