CVE-2023-46453
CriticalSummary
Certain GL.iNet devices with 4.x firmware allow authentication bypass, resulting in administrative control of the device. This affects version 4.3.7 on models GL-MT3000, GL-AR300M, GL-B1300, GL-AX1800, GL-AR750S, GL-MT2500, GL-AXT1800, GL-X3000, and GL-SFT1200.
Risk Assessment
Authentication bypass may lead to unauthorized access to devices, posing a serious threat to the security of the organization's network and data.
Recommendation
It is recommended to update the firmware to the latest version to mitigate this vulnerability and to monitor device access for potential unauthorized access attempts.
Original NVD description (English source)
Certain GL.iNet devices with 4.x firmware allow authentication bypass (resulting in administrative control of the device) via a username that is both a valid SQL statement and a valid regular expression. For example, this affects version 4.3.7 on GL-MT3000 GL-AR300M GL-B1300 GL-AX1800 GL-AR750S GL-MT2500 GL-AXT1800 GL-X3000 and GL-SFT1200.

