CVE-2023-46454: cyberaz0r Security Blog | GL.iNet Multiple Vulnerabilities
CVE-2023-46454: Remote Command Execution
Affected Products and Versions: GL.iNet GL-AR300M routers with firmware v4.3.7
CVSSv3.1 Score: 7.2 (High)
CVSSv3.1 Attack Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Discoverer: Michele ‘cyberaz0r’ Di Bonaventura
Exploit: GitHub
Executive Summary
In GL.iNet GL-AR300M routers with firmware v4.3.7, it is possible to inject arbitrary shell commands through a crafted package name in the package information functionality.
Update GL.iNet GL-AR300M router firmware to the latest version.
Reference
https://nvd.nist.gov/vuln/detail/CVE-2023-46454
CVE-2023-46455: Arbitrary File Write
Affected Products and Versions: GL.iNet GL-AR300M routers with firmware v4.3.7
CVSSv3.1 Score: 7.2 (High)
CVSSv3.1 Attack Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Discoverer: Michele ‘cyberaz0r’ Di Bonaventura
Exploit: GitHub
Executive Summary
In GL.iNet GL-AR300M routers with firmware v4.3.7, it is possible to write arbitrary files through a path traversal attack in the OpenVPN client file upload functionality.
Update GL.iNet GL-AR300M router firmware to the latest version.
Reference
https://nvd.nist.gov/vuln/detail/CVE-2023-46455
CVE-2023-46456: Remote Command Execution
Affected Products and Versions: GL.iNet GL-AR300M routers with firmware v3.216
CVSSv3.1 Score: 7.2 (High)
CVSSv3.1 Attack Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Discoverer: Michele ‘cyberaz0r’ Di Bonaventura
Exploit: GitHub
Executive Summary
In GL.iNet GL-AR300M routers with firmware v3.216, it is possible to inject arbitrary shell commands through the OpenVPN client file upload functionality.
Update GL.iNet GL-AR300M router firmware to the latest version.
Reference
https://nvd.nist.gov/vuln/detail/CVE-2023-46456
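As an added, defender-side illustration (not code from the advisory or from GL.iNet firmware) of the two input-handling mistakes behind these three CVEs: a package name handed to the package information feature must be matched against a strict allowlist and passed as an argv element rather than through a shell, and an uploaded OpenVPN client file name must be confined to the upload directory. The allowlist pattern, the upload directory and the .ovpn suffix are assumptions.

```python
import re
import subprocess
from pathlib import Path
from typing import Optional

# Assumed allowlist for opkg package names: a leading alphanumeric, then a
# bounded run of [A-Za-z0-9+._-]. Shell metacharacters can never match.
PKG_NAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9+._-]{0,127}")

# Assumed location where uploaded OpenVPN client configs are stored.
UPLOAD_DIR = Path("/tmp/ovpn_upload")


def build_opkg_info_argv(name: str) -> Optional[list]:
    """Return argv for 'opkg info <name>', or None if the name is rejected.

    The name is validated against the allowlist and placed in an argv list,
    so it is never interpreted by /bin/sh even if validation were bypassed.
    """
    if not PKG_NAME_RE.fullmatch(name):
        return None
    return ["opkg", "info", name]


def query_package_info(name: str) -> Optional[str]:
    """Run the validated command without a shell and return its stdout."""
    argv = build_opkg_info_argv(name)
    if argv is None:
        return None
    proc = subprocess.run(argv, capture_output=True, text=True, check=False)
    return proc.stdout


def safe_upload_path(filename: str, base: Path = UPLOAD_DIR) -> Optional[Path]:
    """Confine a client-supplied file name to base; None means rejected.

    Rejects anything carrying path components, requires the assumed .ovpn
    suffix, then re-checks the resolved path so that '..' or a symlink
    cannot escape the upload directory.
    """
    if not filename or filename != Path(filename).name:
        return None
    if not filename.endswith(".ovpn"):
        return None
    base = base.resolve()
    target = (base / filename).resolve()
    if target.parent != base:
        return None
    return target
```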
Related news
GL.iNet AR300M versions 3.216 and below suffer from an OpenVPN client related remote code execution vulnerability.
GL.iNet AR300M versions 4.3.7 and below suffer from an OpenVPN client related remote code execution vulnerability.
GL.iNet AR300M versions 4.3.7 and below suffer from an arbitrary file writing vulnerability.