OpenCVE

An issue was discovered on GL.iNet devices before version 4.5.0. They assign the same session ID after each user reboot, allowing attackers to share session identifiers between different sessions and bypass authentication or access control measures. Attackers can impersonate legitimate users or perform unauthorized actions. This affects A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000 4.4.6, MT2500 4.4.6, MT6000 4.5.0, MT1300 4.3.7, MT300N-V2 4.3.7, AR750S 4.3.7, AR750 4.3.7, AR300M 4.3.7, and B1300 4.3.7.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation poc

Automatable no

Technical Impact partial

Vendors	Products
Gl-inet	Gl-a1300 Gl-a1300 Firmware Gl-ar300m Gl-ar300m Firmware Gl-ar750 Gl-ar750 Firmware Gl-ar750s Gl-ar750s Firmware Gl-ax1800 Gl-ax1800 Firmware Gl-axt1800 Gl-axt1800 Firmware Gl-b1300 Gl-b1300 Firmware Gl-mt1300 Gl-mt1300 Firmware Gl-mt2500 Gl-mt2500 Firmware Gl-mt3000 Gl-mt3000 Firmware Gl-mt300n-v2 Gl-mt300n-v2 Firmware Gl-mt6000 Gl-mt6000 Firmware
Gl.inet	A1300 Ar300m Ar750 Ar750s Ax1800 Axt1800 B1300 Mt1300 Mt2500 Mt3000 Mt300n V2 Mt6000

Configuration 1 [-]

AND

OR	cpe:2.3:o:gl-inet:gl-ax1800_firmware:4.3.7:::::::*
	cpe:2.3:o:gl-inet:gl-ax1800_firmware:4.4.6:::::::*

cpe:2.3:h:gl-inet:gl-ax1800:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

OR	cpe:2.3:o:gl-inet:gl-axt1800_firmware:4.3.7:::::::*
	cpe:2.3:o:gl-inet:gl-axt1800_firmware:4.4.6:::::::*

cpe:2.3:h:gl-inet:gl-axt1800:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

OR	cpe:2.3:o:gl-inet:gl-mt3000_firmware:4.3.7:::::::*
	cpe:2.3:o:gl-inet:gl-mt3000_firmware:4.4.6:::::::*

cpe:2.3:h:gl-inet:gl-mt3000:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

OR	cpe:2.3:o:gl-inet:gl-mt2500_firmware:4.3.7:::::::*
	cpe:2.3:o:gl-inet:gl-mt2500_firmware:4.4.6:::::::*

cpe:2.3:h:gl-inet:gl-mt2500:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

OR	cpe:2.3:o:gl-inet:gl-mt6000_firmware:4.3.7:::::::*
	cpe:2.3:o:gl-inet:gl-mt6000_firmware:4.4.6:::::::*

cpe:2.3:h:gl-inet:gl-mt6000:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

OR	cpe:2.3:o:gl-inet:gl-mt1300_firmware:4.3.7:::::::*
	cpe:2.3:o:gl-inet:gl-mt1300_firmware:4.4.6:::::::*

cpe:2.3:h:gl-inet:gl-mt1300:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

OR	cpe:2.3:o:gl-inet:gl-mt300n-v2_firmware:4.3.7:::::::*
	cpe:2.3:o:gl-inet:gl-mt300n-v2_firmware:4.4.6:::::::*

cpe:2.3:h:gl-inet:gl-mt300n-v2:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

OR	cpe:2.3:o:gl-inet:gl-ar750s_firmware:4.3.7:::::::*
	cpe:2.3:o:gl-inet:gl-ar750s_firmware:4.4.6:::::::*

cpe:2.3:h:gl-inet:gl-ar750s:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

OR	cpe:2.3:o:gl-inet:gl-ar750_firmware:4.3.7:::::::*
	cpe:2.3:o:gl-inet:gl-ar750_firmware:4.4.6:::::::*

cpe:2.3:h:gl-inet:gl-ar750:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

OR	cpe:2.3:o:gl-inet:gl-ar300m_firmware:4.3.7:::::::*
	cpe:2.3:o:gl-inet:gl-ar300m_firmware:4.4.6:::::::*

cpe:2.3:h:gl-inet:gl-ar300m:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

OR	cpe:2.3:o:gl-inet:gl-b1300_firmware:4.3.7:::::::*
	cpe:2.3:o:gl-inet:gl-b1300_firmware:4.4.6:::::::*

cpe:2.3:h:gl-inet:gl-b1300:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

OR	cpe:2.3:o:gl-inet:gl-a1300_firmware:4.3.7:::::::*
	cpe:2.3:o:gl-inet:gl-a1300_firmware:4.4.6:::::::*

cpe:2.3:h:gl-inet:gl-a1300:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Authentication-bypass-seesion-ID.md

History

Wed, 06 Nov 2024 18:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Gl.inet Gl.inet a1300 Gl.inet ar300m Gl.inet ar750 Gl.inet ar750s Gl.inet ax1800 Gl.inet axt1800 Gl.inet b1300 Gl.inet mt1300 Gl.inet mt2500 Gl.inet mt3000 Gl.inet mt300n V2 Gl.inet mt6000
CPEs		cpe:2.3:h:gl.inet:A1300:-:::::::* cpe:2.3:h:gl.inet:AR300M:-:::::::* cpe:2.3:h:gl.inet:AR750:-:::::::* cpe:2.3:h:gl.inet:AR750S:-:::::::* cpe:2.3:h:gl.inet:AX1800:-:::::::* cpe:2.3:h:gl.inet:AXT1800:-:::::::* cpe:2.3:h:gl.inet:B1300:-:::::::* cpe:2.3:h:gl.inet:MT1300:-:::::::* cpe:2.3:h:gl.inet:MT2500:-:::::::* cpe:2.3:h:gl.inet:MT3000:-:::::::* cpe:2.3:h:gl.inet:MT300N_V2:-:::::::* cpe:2.3:h:gl.inet:MT6000:-:::::::*
Vendors & Products		Gl.inet Gl.inet a1300 Gl.inet ar300m Gl.inet ar750 Gl.inet ar750s Gl.inet ax1800 Gl.inet axt1800 Gl.inet b1300 Gl.inet mt1300 Gl.inet mt2500 Gl.inet mt3000 Gl.inet mt300n V2 Gl.inet mt6000
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2024-01-12T00:00:00

Updated: 2024-11-06T17:23:37.520Z

Reserved: 2023-12-15T00:00:00

Link: CVE-2023-50920

Vulnrichment

Updated: 2024-08-02T22:23:44.170Z

NVD

Status : Modified

Published: 2024-01-12T08:15:43.590

Modified: 2024-11-21T08:37:31.863

Link: CVE-2023-50920

Redhat

No data.

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

Exploitation poc

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object