CVE-2023-50919
First published: Fri Jan 12 2024(Updated: )
An issue was discovered on GL.iNet devices before version 4.5.0. There is an NGINX authentication bypass via Lua string pattern matching. This affects A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000 4.4.6, MT2500 4.4.6, MT6000 4.5.0, MT1300 4.3.7, MT300N-V2 4.3.7, AR750S 4.3.7, AR750 4.3.7, AR300M 4.3.7, and B1300 4.3.7.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| Any of | ||
| Netgear Nighthawk AX1800 Firmware | =4.3.7 | |
| Netgear Nighthawk AX1800 Firmware | =4.4.6 | |
| GL.iNet GL-AX1800 | ||
| All of | ||
| Any of | ||
| gl-inet gl-axt1800 | =4.3.7 | |
| gl-inet gl-axt1800 | =4.4.6 | |
| GL.iNet GL-AX1800 | ||
| All of | ||
| Any of | ||
| GL.iNet GL-MT3000 Firmware | =4.3.7 | |
| GL.iNet GL-MT3000 Firmware | =4.4.6 | |
| GL.iNet GL-MT3000 | ||
| All of | ||
| Any of | ||
| GL.iNet GL-MT2500 | =4.3.7 | |
| GL.iNet GL-MT2500 | =4.4.6 | |
| GL.iNet GL-MT2500 | ||
| All of | ||
| Any of | ||
| GL.iNet GL-MT6000 | =4.3.7 | |
| GL.iNet GL-MT6000 | =4.4.6 | |
| GL.iNet GL-MT6000 | ||
| All of | ||
| Any of | ||
| GL.iNet GL-MT1300 Firmware | =4.3.7 | |
| GL.iNet GL-MT1300 Firmware | =4.4.6 | |
| GL.iNet GL-MT1300 | ||
| All of | ||
| Any of | ||
| GL.iNet GL-MT300N-V2 Firmware | =4.3.7 | |
| GL.iNet GL-MT300N-V2 Firmware | =4.4.6 | |
| gl-inet gl-mt300n-v2 firmware | ||
| All of | ||
| Any of | ||
| GL.iNet GL-AR750 Firmware | =4.3.7 | |
| GL.iNet GL-AR750 Firmware | =4.4.6 | |
| GL.iNet GL-AR750 Firmware | ||
| All of | ||
| Any of | ||
| GL.iNet GL-AR750 Firmware | =4.3.7 | |
| GL.iNet GL-AR750 Firmware | =4.4.6 | |
| GL.iNet GL-AR750 Firmware | ||
| All of | ||
| Any of | ||
| GL.iNet GL-AR300M Firmware | =4.3.7 | |
| GL.iNet GL-AR300M Firmware | =4.4.6 | |
| GL.iNet GL-AR300M Firmware | ||
| All of | ||
| Any of | ||
| GL.iNet GL-B1300 Firmware | =4.3.7 | |
| GL.iNet GL-B1300 Firmware | =4.4.6 | |
| GL.iNet GL-B1300 Firmware | ||
| All of | ||
| Any of | ||
| GL.iNet GL-A1300 Firmware | =4.3.7 | |
| GL.iNet GL-A1300 Firmware | =4.4.6 | |
| GL.iNet GL-A1300 Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2023-50919?
CVE-2023-50919 is classified as a high-severity vulnerability due to the potential for unauthorized access.
How do I fix CVE-2023-50919?
To mitigate CVE-2023-50919, upgrade your GL.iNet devices to firmware version 4.5.0 or later.
What devices are affected by CVE-2023-50919?
CVE-2023-50919 affects GL.iNet devices running versions before 4.5.0, including A1300, AX1800, and MT3000 among others.
How does CVE-2023-50919 exploit NGINX authentication?
CVE-2023-50919 exploits NGINX authentication through Lua string pattern matching, allowing bypass of access controls.
Is there a workaround for CVE-2023-50919 before upgrading?
While upgrading is recommended, there are no reliable workarounds available for CVE-2023-50919.
- agent/author
- agent/type
- agent/first-publish-date
- agent/severity
- agent/weakness
- agent/description
- agent/event
- agent/references
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/gl-inet
- canonical/netgear nighthawk ax1800 firmware
- version/netgear nighthawk ax1800 firmware/4.3.7
- version/netgear nighthawk ax1800 firmware/4.4.6
- canonical/gl.inet gl-ax1800
- canonical/gl-inet gl-axt1800
- version/gl-inet gl-axt1800/4.3.7
- version/gl-inet gl-axt1800/4.4.6
- canonical/gl.inet gl-mt3000 firmware
- version/gl.inet gl-mt3000 firmware/4.3.7
- version/gl.inet gl-mt3000 firmware/4.4.6
- canonical/gl.inet gl-mt3000
- canonical/gl.inet gl-mt2500
- version/gl.inet gl-mt2500/4.3.7
- version/gl.inet gl-mt2500/4.4.6
- canonical/gl.inet gl-mt6000
- version/gl.inet gl-mt6000/4.3.7
- version/gl.inet gl-mt6000/4.4.6
- canonical/gl.inet gl-mt1300 firmware
- version/gl.inet gl-mt1300 firmware/4.3.7
- version/gl.inet gl-mt1300 firmware/4.4.6
- canonical/gl.inet gl-mt1300
- canonical/gl.inet gl-mt300n-v2 firmware
- version/gl.inet gl-mt300n-v2 firmware/4.3.7
- version/gl.inet gl-mt300n-v2 firmware/4.4.6
- canonical/gl-inet gl-mt300n-v2 firmware
- canonical/gl.inet gl-ar750 firmware
- version/gl.inet gl-ar750 firmware/4.3.7
- version/gl.inet gl-ar750 firmware/4.4.6
- canonical/gl.inet gl-ar300m firmware
- version/gl.inet gl-ar300m firmware/4.3.7
- version/gl.inet gl-ar300m firmware/4.4.6
- canonical/gl.inet gl-b1300 firmware
- version/gl.inet gl-b1300 firmware/4.3.7
- version/gl.inet gl-b1300 firmware/4.4.6
- canonical/gl.inet gl-a1300 firmware
- version/gl.inet gl-a1300 firmware/4.3.7
- version/gl.inet gl-a1300 firmware/4.4.6