Authentication Bypass in GL.iNet Devices 4.x Firmware
CVE-2023-46453

9.8 CRITICAL

Key Information:

Vendor: GL.iNet
CVE Published: 8 May 2026

What is CVE-2023-46453?

Certain GL.iNet devices with 4.x firmware are vulnerable to an authentication bypass that allows attackers to gain administrative control over the device. The bypass occurs when a username serves as both a valid SQL statement and a valid regular expression, enabling unauthorized access to sensitive functionality. Affected versions include 4.3.7 on devices such as GL-MT3000, GL-AR300M, GL-B1300, and others. Users should apply updates and review security measures to protect their devices from potential exploitation.

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
