CVE-2023-50921
CRITICALDescription
An issue was discovered on GL.iNet devices through 4.5.0. Attackers can invoke the add_user interface in the system module to gain root privileges. This affects A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000 4.4.6, MT2500 4.4.6, MT6000 4.5.0, MT1300 4.3.7, MT300N-V2 4.3.7, AR750S 4.3.7, AR750 4.3.7, AR300M 4.3.7, and B1300 4.3.7.
Is your site exposed to CVE-2023-50921?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| gl-inet | gl-mt1300_firmware |
| gl-inet | gl-mt1300 |
| gl-inet | gl-mt300n-v2_firmware |
| gl-inet | gl-mt300n-v2 |
| gl-inet | gl-ar750s_firmware |
| gl-inet | gl-ar750s |
| gl-inet | gl-ar750_firmware |
| gl-inet | gl-ar750 |
| gl-inet | gl-ar300m_firmware |
| gl-inet | gl-ar300m |
| gl-inet | gl-b1300_firmware |
| gl-inet | gl-b1300 |
| gl-inet | gl-mt6000_firmware |
| gl-inet | gl-mt6000 |
| gl-inet | gl-a1300_firmware |
| gl-inet | gl-a1300 |
| gl-inet | gl-ax1800_firmware |
| gl-inet | gl-ax1800 |
| gl-inet | gl-axt1800_firmware |
| gl-inet | gl-axt1800 |
| gl-inet | gl-mt3000_firmware |
| gl-inet | gl-mt3000 |
| gl-inet | gl-mt2500_firmware |
| gl-inet | gl-mt2500 |
References
Frequently Asked Questions
What is CVE-2023-50921? +
How severe is CVE-2023-50921? +
What products are affected by CVE-2023-50921? +
How do I check if I'm vulnerable to CVE-2023-50921? +
Related Vulnerabilities
A security vulnerability has been identified in Acer Care Center where the ACCSvc service creates a Named Pipe with a …
NitroSense 3.x before 3.01.3052 contains Local Privilege Escalation (LPE) vulnerability.The program exposes a Windows Named Pipe that uses a custom …
PredatorSense version 3.00.3136 to 3.00.3196 contain Local Privilege Escalation (LPE) vulnerability.The program exposes a Windows Named Pipe that uses a …
A privilege escalation vulnerability in Palo Alto Networks Cortex® XDR Broker VM enables a locally authenticated user to perform actions …
A privilege escalation vulnerability in PocketBook InkPad Color 3 allows attackers to escalate to root privileges if they gain physical …
A Sudo privilege misconfiguration vulnerability in PocketBook InkPad Color 3 on Linux, ARM allows attackers to read file contents on …