What is CVE-2023-50919?

CVE-2023-50919 is a vulnerability in N/a. Published 2024-01-12.

Is CVE-2023-50919 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2023-50919

An issue was discovered on GL.iNet devices before version 4.5.0. There is an NGINX authentication bypass via Lua string pattern matching. This affects A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000 4.4.6, MT2500 4.4.6, MT6000 4.5.0, MT13…

EPSS: 0.523 (98.0th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

rapid7/metasploit-framework

References

github.com/gl-inet/CVE-issues/blob/main/4.0.0/Authentication-bypass.md
packetstormsecurity.com/files/176708/GL.iNet-Unauthenticated-Remote-Command-Exe…

Frequently asked questions

What is CVE-2023-50919?: CVE-2023-50919 is a vulnerability in N/a. Published 2024-01-12.
Is CVE-2023-50919 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.