CRITICAL🇵🇱 Wersja polska

CVE-2023-47462

CVSS 9.8v3.1pub. 2023-11-29upd. 2024-11-21

Insecure Permissions vulnerability in GL.iNet AX1800 v.3.215 and before allows a remote attacker to execute arbitrary code via the file sharing function.

🤖 AI Analysis
How it works

The vulnerability results from improperly configured permissions (CWE-276) in the file sharing functionality on the GL.iNet AX1800 router. An attacker can exploit this function over the network, without any authentication or user interaction, to execute arbitrary code on the device. The lack of proper access control to the file sharing mechanism makes the vulnerability trivial to exploit.

Impact

An attacker can remotely execute arbitrary code on the device, which in practice means complete takeover of the router — violation of confidentiality, integrity, and availability of all network traffic passing through the device.

Mitigation & patch

GL.iNet AX1800 firmware should be updated to a version newer than 3.215. Patches available from the manufacturer should be applied according to references. As a temporary measure, it is recommended to disable file sharing functionality and restrict access to the router's administrative interface only to trusted hosts on the local network.

Who is affected

GL.iNet AX1800 (GL-AX1800) with firmware version 3.215 and all earlier versions.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Gl Inet Gl Ax1800

    HW
    Gl-Inet
    wszystkie wersje
  • Gl Inet Gl Ax1800 Firmware

    OS
    Gl-Inet
    ≤ 3.125
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2023-50919CRITICAL9.8PL ✓ten sam produkt

GL.iNet — Authentication Bypass w NGINX przez dopasowanie wzorców Lua

CVE-2023-50921CRITICAL9.8PL ✓ten sam produkt

GL.iNet: privilege escalation przez interfejs add_user do uprawnień root

CVE-2023-47463CRITICAL9.8PL ✓ten sam produkt

RCE w GL.iNet AX1800 przez błędne uprawnienia funkcji uwierzytelniania

CVE-2023-31475CRITICAL9.8ten sam produkt

An issue was discovered on GL.iNet devices before 3.216. The function guci2_get() found in libglutil.so has a ...

CVE-2023-31471CRITICAL9.8ten sam produkt

An issue was discovered on GL.iNet devices before 3.216. Through the software installation feature, it is poss...