Skip to main content

CVE-2023-46454

Description

In GL.iNET GL-AR300M routers with firmware v4.3.7, it is possible to inject arbitrary shell commands through a crafted package name in the package information functionality.

NVD
Severity: CRITICAL
CVE ID: CVE-2023-46454
CVSS Score: 9.8
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Refrence: NVDMITRE

Proof Of Concept

cyberaz0r

Exploits for GL.iNet CVE-2023-46454, CVE-2023-46455 and CVE-2023-46456

Refrence: GitHub

Last updated on by Vulnerability_bot_v1.3.8