Arbitrary Shell Command Injection in GL.iNET GL-AR300M Routers
CVE-2023-46456

9.8CRITICAL

Key Information:

Vendor: GL.iNET
Vendor: CVE Published:; 12 December 2023

What is CVE-2023-46456?

A vulnerability exists in GL.iNET GL-AR300M routers allowing attackers to inject arbitrary shell commands via the OpenVPN client file upload feature. This could lead to unauthorized command execution, posing a significant security risk to the router and connected networks.

References

https://www.gl-inet.com/

https://cyberaz0r.info/2023/11/glinet-multiple-vulnerabil...

EPSS Score

13% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 12, 2023
Vulnerability Reserved
Oct 23, 2023

CVE-2023-46456 Data

JSON