An issue exists on GL.iNet devices before version 4.5.0. There is an NGINX authentication bypass via Lua string pattern matching. This affects A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000 4.4.6, MT2500 4.4.6, MT6000 4.5.0, MT1300 4.3.7, MT300N-V2 4.3.7, AR750S 4.3.7, AR750 4.3.7, AR300M 4.3.7, and B1300 4.3.7.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
gl-inet gl-ax1800 firmware 4.3.7 |
||
gl-inet gl-ax1800 firmware 4.4.6 |
||
gl-inet gl-axt1800 firmware 4.3.7 |
||
gl-inet gl-axt1800 firmware 4.4.6 |
||
gl-inet gl-mt3000 firmware 4.3.7 |
||
gl-inet gl-mt3000 firmware 4.4.6 |
||
gl-inet gl-mt2500 firmware 4.3.7 |
||
gl-inet gl-mt2500 firmware 4.4.6 |
||
gl-inet gl-mt6000 firmware 4.3.7 |
||
gl-inet gl-mt6000 firmware 4.4.6 |
||
gl-inet gl-mt1300 firmware 4.3.7 |
||
gl-inet gl-mt1300 firmware 4.4.6 |
||
gl-inet gl-mt300n-v2 firmware 4.3.7 |
||
gl-inet gl-mt300n-v2 firmware 4.4.6 |
||
gl-inet gl-ar750s firmware 4.3.7 |
||
gl-inet gl-ar750s firmware 4.4.6 |
||
gl-inet gl-ar750 firmware 4.3.7 |
||
gl-inet gl-ar750 firmware 4.4.6 |
||
gl-inet gl-ar300m firmware 4.3.7 |
||
gl-inet gl-ar300m firmware 4.4.6 |
||
gl-inet gl-b1300 firmware 4.3.7 |
||
gl-inet gl-b1300 firmware 4.4.6 |
||
gl-inet gl-a1300 firmware 4.3.7 |
||
gl-inet gl-a1300 firmware 4.4.6 |