Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2023-50445

EPSS 3.12% · P87
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2023-50445

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Shell Injection vulnerability GL.iNet A1300 v4.4.6, AX1800 v4.4.6, AXT1800 v4.4.6, MT3000 v4.4.6, MT2500 v4.4.6, MT6000 v4.5.0, MT1300 v4.3.7, MT300N-V2 v4.3.7, AR750S v4.3.7, AR750 v4.3.7, AR300M v4.3.7, and B1300 v4.3.7., allows local attackers to execute arbitrary code via the get_system_log and get_crash_log functions of the logread module, as well as the upgrade_online function of the upgrade module.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
GL.INET 多款产品安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
GL.iNet MT1300等都是中国GL.iNet公司的产品。GL.iNet MT1300是一款路由器。GL.iNet MT300N-V2是一款迷你路由器。GL.iNet AR750S是一款路由器。 GL.INET 多款产品存在安全漏洞,该漏洞源于logread模块中的get_system_log和get_crash_log函数,以及upgrade模块中的upgrade_online函数中可以通过 API 使用 Shell 元字符注入,允许通过外部提供的参数执行shell命令,从而实现对相关产品的控制。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2023-50445

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2023-50445

登录查看更多情报信息。

Same Patch Batch · n/a · 2023-12-28 · 16 CVEs total

CVE-2023-34829TP-LINK Tapo 安全漏洞
CVE-2023-46989PrestaShop SQL注入漏洞
CVE-2023-49228Peplink Balance 安全漏洞
CVE-2023-49229Peplink Balance 安全漏洞
CVE-2023-49230Peplink Balance 安全漏洞
CVE-2023-49469Shaarli 跨站脚本漏洞
CVE-2023-50038Textpattern CMS 安全漏洞
CVE-2023-50692JIZHICMS 安全漏洞
CVE-2023-51006Chinese Perpetual Calendar 安全漏洞
CVE-2023-51010com.sdjictec.qdmetro 安全漏洞
CVE-2023-46987SeaCMS 安全漏洞
CVE-2023-50104ZZCMS 安全漏洞
CVE-2023-50448Active Admin 安全漏洞
CVE-2023-50470SeaCMS 安全漏洞
CVE-2023-52152mUPnP 安全漏洞

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2023-50445

No comments yet

Leave a comment