CVE-2023-47462 in AX1800
Summary
by MITRE • 11/29/2023
Insecure Permissions vulnerability in GL.iNet AX1800 v.3.215 and before allows a remote attacker to execute arbitrary code via the file sharing function.
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
Analysis
by VulDB Data Team • 02/24/2026
The CVE-2023-47462 vulnerability represents a critical insecure permissions flaw affecting GL.iNet AX1800 routers running firmware versions 3.215 and earlier. This vulnerability specifically targets the file sharing function within the router's web interface, creating a pathway for remote attackers to escalate privileges and execute arbitrary code on the affected device. The issue stems from inadequate access controls and permission validation mechanisms that fail to properly authenticate and authorize user requests when interacting with the file sharing functionality.
The technical implementation of this vulnerability involves a failure in the router's authorization framework where the file sharing component does not adequately verify user credentials or session tokens before processing file operations. Attackers can exploit this by crafting malicious requests that bypass normal access controls, potentially allowing them to upload malicious files, modify system configurations, or execute commands with elevated privileges. This weakness directly relates to CWE-284 which describes improper access control vulnerabilities, and aligns with ATT&CK technique T1059.007 for command and scripting interpreter to establish persistent remote access capabilities.
The operational impact of this vulnerability extends beyond simple privilege escalation, as it provides attackers with complete control over the affected router. Once exploited, adversaries can manipulate network traffic, redirect connections, disable security features, or use the compromised device as a pivot point for attacking internal network resources. The remote nature of the attack means that threat actors can exploit this vulnerability from anywhere on the internet without requiring physical access to the device, making it particularly dangerous for both residential and enterprise deployments. Network administrators face the challenge of defending against attacks that can occur without any local network presence or user interaction.
Mitigation strategies for CVE-2023-47462 should prioritize immediate firmware updates from GL.iNet to address the underlying permission validation flaws. Organizations should also implement network segmentation to limit exposure of affected devices and monitor for suspicious network traffic patterns that might indicate exploitation attempts. Additional defensive measures include disabling unnecessary file sharing functions when not required, implementing strict firewall rules to restrict access to router management interfaces, and conducting regular security audits of network infrastructure. The vulnerability highlights the importance of proper input validation and access control implementation in embedded systems and underscores the need for regular security assessments of network devices to prevent similar issues from arising in the future.