CVE-2023-50921 in A1300info

Summary

by MITRE • 01/03/2024

An issue was discovered on GL.iNet devices through 4.5.0. Attackers can invoke the add_user interface in the system module to gain root privileges. This affects A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000 4.4.6, MT2500 4.4.6, MT6000 4.5.0, MT1300 4.3.7, MT300N-V2 4.3.7, AR750S 4.3.7, AR750 4.3.7, AR300M 4.3.7, and B1300 4.3.7.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Analysis

by VulDB Data Team • 06/19/2025

The vulnerability identified as CVE-2023-50921 represents a critical privilege escalation flaw affecting multiple GL.iNet router models including A1300, AX1800, AXT1800, MT3000, MT2500, MT6000, MT1300, MT300N-V2, AR750S, AR750, AR300M, and B1300. This issue exists within the system module's add_user interface functionality, which has been designed to allow legitimate administrative user creation but has been improperly implemented to permit unauthorized access to root privileges. The vulnerability affects firmware versions up to and including 4.5.0, with specific affected versions noted as 4.4.6 for several models and 4.3.7 for others, indicating this flaw has persisted across multiple firmware releases and represents a long-standing security weakness in the device management infrastructure.

The technical implementation of this vulnerability stems from insufficient input validation and access control mechanisms within the add_user interface. When attackers interact with this system module, they can exploit a flaw that allows them to bypass normal authentication and authorization checks that should prevent unauthorized privilege escalation. This flaw essentially creates a backdoor path through which any remote attacker can gain root access to the device without proper credentials, effectively compromising the entire network infrastructure. The vulnerability operates at the application level within the device's web interface, making it particularly dangerous as it can be exploited through standard network connections without requiring physical access or specialized equipment. The flaw aligns with CWE-284, which describes improper access control issues, and represents a classic example of privilege escalation where insufficient authorization checks allow attackers to assume elevated privileges.

The operational impact of this vulnerability is severe and far-reaching for any organization or individual using affected GL.iNet devices. Once an attacker gains root access, they can completely compromise the device's security posture, potentially gaining access to all network communications, modifying firewall rules, installing malicious software, or using the device as a pivot point for attacks on other networked systems. The affected devices are commonly used in both residential and small business environments, making them attractive targets for cybercriminals seeking to establish persistent access points or to use the devices as launching platforms for broader network attacks. The vulnerability's presence in multiple models across different firmware versions suggests that this represents a systemic flaw in the device management architecture rather than an isolated incident, increasing the potential attack surface and the number of vulnerable devices in the wild.

Organizations and users should immediately implement mitigations to address this vulnerability, beginning with firmware updates from GL.iNet as soon as patches become available. Network segmentation and firewall rules should be implemented to restrict access to device management interfaces from untrusted networks, while monitoring for suspicious activity on affected devices becomes critical. The vulnerability's nature makes it particularly susceptible to automated exploitation, meaning that devices exposed to the internet should be prioritized for immediate remediation. Security teams should also consider implementing network intrusion detection systems to monitor for exploitation attempts and ensure that default administrative credentials are changed and that access to device management interfaces is restricted to authorized personnel only. This vulnerability demonstrates the critical importance of proper access control implementation and regular security assessments of network infrastructure components, particularly those with web-based management interfaces that are frequently exposed to external network traffic.

Reservation

12/15/2023

Disclosure

01/03/2024

Moderation

accepted

CPE

ready

EPSS

0.00519

KEV

no

Activities

very low

Sources

Do you need the next level of professionalism?

Upgrade your account now!