CVE-2023-47463 in AX1800
Summary
by MITRE • 11/30/2023
Insecure Permissions vulnerability in GL.iNet AX1800 version 4.0.0 before 4.5.0 allows a remote attacker to execute arbitrary code via a crafted script to the gl_nas_sys authentication function.
If you want to get best quality of vulnerability data, you may have to visit VulDB.
Analysis
by VulDB Data Team • 02/24/2026
The vulnerability identified as CVE-2023-47463 represents a critical insecure permissions flaw within the GL.iNet AX1800 router firmware version 4.0.0 through 4.4.0. This issue stems from inadequate access controls and authentication mechanisms within the gl_nas_sys function, which serves as a critical interface for system administration and network management operations. The vulnerability allows remote attackers to bypass authentication protocols and execute malicious code directly on the affected device, potentially compromising the entire network infrastructure.
The technical exploitation of this vulnerability occurs through the manipulation of the gl_nas_sys authentication function, which is designed to handle network access requests and system commands. Attackers can craft specially formatted scripts that exploit improper input validation and insufficient permission checks within this function. The flaw exists in the firmware's handling of authentication tokens and session management, creating a path for unauthorized remote code execution without proper credentials. This vulnerability falls under the CWE-284 access control weakness category, specifically addressing inadequate permissions and authentication mechanisms that allow unauthorized access to privileged system functions.
The operational impact of this vulnerability is severe and far-reaching, as it enables attackers to gain complete control over the affected GL.iNet AX1800 devices. Once exploited, remote code execution allows adversaries to install backdoors, modify network configurations, access sensitive data, and potentially use the compromised device as a pivot point for attacking other systems within the network. The vulnerability affects not just individual devices but entire network infrastructures, as routers serve as critical gateway points for network communication and security enforcement. This weakness can be leveraged to establish persistent access, conduct man-in-the-middle attacks, or facilitate lateral movement within corporate or residential networks.
Mitigation strategies for CVE-2023-47463 primarily focus on immediate firmware updates to versions 4.5.0 and later, which contain the necessary patches addressing the insecure permissions issue. Network administrators should also implement network segmentation and monitoring to detect anomalous traffic patterns that may indicate exploitation attempts. Additional protective measures include disabling unnecessary services, implementing strong network access controls, and regularly auditing system configurations. The vulnerability aligns with ATT&CK technique T1059.007 for command and scripting interpreter, as attackers can leverage the compromised system to execute malicious scripts and commands. Organizations should also consider implementing intrusion detection systems and network behavior analysis tools to identify potential exploitation attempts and maintain continuous monitoring of their network infrastructure for signs of compromise.