An issue was discovered on GL.iNet devices before version 4.5.0. They assign the same session ID after each user reboot, allowing attackers to share session identifiers between different sessions and bypass authentication or access control measures. Attackers can impersonate legitimate users or perform unauthorized actions. This affects A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000 4.4.6, MT2500 4.4.6, MT6000 4.5.0, MT1300 4.3.7, MT300N-V2 4.3.7, AR750S 4.3.7, AR750 4.3.7, AR300M 4.3.7, and B1300 4.3.7.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||
|---|---|---|---|---|---|---|---|---|---|
| n/a | n/a | affected |
|
Configuration 1 [-]
| AND |
|
Configuration 2 [-]
| AND |
|
Configuration 3 [-]
| AND |
|
Configuration 4 [-]
| AND |
|
Configuration 5 [-]
| AND |
|
Configuration 6 [-]
| AND |
|
Configuration 7 [-]
| AND |
|
Configuration 8 [-]
| AND |
|
Configuration 9 [-]
| AND |
|
Configuration 10 [-]
| AND |
|
Configuration 11 [-]
| AND |
|
Configuration 12 [-]
| AND |
|
No data.
No data.
Project Subscriptions
| Vendors | Products |
|---|---|
|
Gl-inet
Subscribe
|
Gl-a1300
Subscribe
Gl-a1300 Firmware
Subscribe
Gl-ar300m
Subscribe
Gl-ar300m Firmware
Subscribe
Gl-ar750
Subscribe
Gl-ar750 Firmware
Subscribe
Gl-ar750s
Subscribe
Gl-ar750s Firmware
Subscribe
Gl-ax1800
Subscribe
Gl-ax1800 Firmware
Subscribe
Gl-axt1800
Subscribe
Gl-axt1800 Firmware
Subscribe
Gl-b1300
Subscribe
Gl-b1300 Firmware
Subscribe
Gl-mt1300
Subscribe
Gl-mt1300 Firmware
Subscribe
Gl-mt2500
Subscribe
Gl-mt2500 Firmware
Subscribe
Gl-mt3000
Subscribe
Gl-mt3000 Firmware
Subscribe
Gl-mt300n-v2
Subscribe
Gl-mt300n-v2 Firmware
Subscribe
Gl-mt6000
Subscribe
Gl-mt6000 Firmware
Subscribe
|
|
Gl.inet
Subscribe
|
Advisories
No advisories yet.
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
Wed, 06 Nov 2024 18:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Gl.inet
Gl.inet a1300 Gl.inet ar300m Gl.inet ar750 Gl.inet ar750s Gl.inet ax1800 Gl.inet axt1800 Gl.inet b1300 Gl.inet mt1300 Gl.inet mt2500 Gl.inet mt3000 Gl.inet mt300n V2 Gl.inet mt6000 |
|
| CPEs | cpe:2.3:h:gl.inet:A1300:-:*:*:*:*:*:*:* cpe:2.3:h:gl.inet:AR300M:-:*:*:*:*:*:*:* cpe:2.3:h:gl.inet:AR750:-:*:*:*:*:*:*:* cpe:2.3:h:gl.inet:AR750S:-:*:*:*:*:*:*:* cpe:2.3:h:gl.inet:AX1800:-:*:*:*:*:*:*:* cpe:2.3:h:gl.inet:AXT1800:-:*:*:*:*:*:*:* cpe:2.3:h:gl.inet:B1300:-:*:*:*:*:*:*:* cpe:2.3:h:gl.inet:MT1300:-:*:*:*:*:*:*:* cpe:2.3:h:gl.inet:MT2500:-:*:*:*:*:*:*:* cpe:2.3:h:gl.inet:MT3000:-:*:*:*:*:*:*:* cpe:2.3:h:gl.inet:MT300N_V2:-:*:*:*:*:*:*:* cpe:2.3:h:gl.inet:MT6000:-:*:*:*:*:*:*:* |
|
| Vendors & Products |
Gl.inet
Gl.inet a1300 Gl.inet ar300m Gl.inet ar750 Gl.inet ar750s Gl.inet ax1800 Gl.inet axt1800 Gl.inet b1300 Gl.inet mt1300 Gl.inet mt2500 Gl.inet mt3000 Gl.inet mt300n V2 Gl.inet mt6000 |
|
| Metrics |
ssvc
|
Projects
Sign in to view the affected projects.
MITRE
Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2025-06-17T16:05:04.445Z
Reserved: 2023-12-15T00:00:00.000Z
Link: CVE-2023-50920
Vulnrichment
Updated: 2024-08-02T22:23:44.170Z
NVD
Status : Modified
Published: 2024-01-12T08:15:43.590
Modified: 2025-06-17T16:15:27.100
Link: CVE-2023-50920
Redhat
No data.
OpenCVE Enrichment
No data.
Weaknesses