GL.iNet GL-AX1800 Critical Vulnerability CVE-2023-47464
Product: GL.iNet GL-AX1800 router
Affected Version: Not specified in the article, but the vulnerability is identified as CVE-2023-47464. Severity: Critical
Vulnerability Details Description: A critical vulnerability, CVE-2023-47464, has been discovered in the GL.iNet GL-AX1800 router. This vulnerability is a result of multiple security flaws, including Cross-Site Request Forgery (CSRF), insecure file uploads, path traversal, file overwrite, and unrestricted file access. The combination of these flaws allows for various attacks, including Remote Code Execution (RCE). Impact: Exploiting these vulnerabilities can lead to unauthorized control over the router, data breaches, network compromise, privacy violations, and the distribution of malware. Attackers can upload malicious files, access restricted directories, and download sensitive information.
Steps to Reproduce:
Identify a vulnerable GL.iNet GL-AX1800 router.
Exploit vulnerabilities such as CSRF, insecure file uploads, or path traversal to gain unauthorized access.
Use the file overwrite and unrestricted file access flaws to achieve Remote Code Execution.
Reference:
CVE-2023-47464