CVE-2023-46454
Description
In GL.iNET GL-AR300M routers with firmware v4.3.7, it is possible to inject arbitrary shell commands through a crafted package name in the package information functionality.
NVD
Severity: CRITICAL
CVE ID: CVE-2023-46454
CVSS Score: 9.8
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Proof Of Concept
cyberaz0r
Exploits for GL.iNet CVE-2023-46454, CVE-2023-46455 and CVE-2023-46456
Refrence: GitHub