mod advisory

This commit is contained in:
dzonerzy 2023-11-27 18:00:08 +01:00
parent af492efdf8
commit 0db12a3c5e

View File

@ -5,6 +5,7 @@ GLiNet: Router Authentication Bypass
========================================================================
Contents
========================================================================
1. Overview
2. Detailed Description
3. Exploit
@ -13,6 +14,7 @@ Contents
========================================================================
1. Overview
========================================================================
CVE-2023-46453 is a remote authentication bypass vulnerability in the web
interface of GLiNet routers running firmware versions 4.x and up. The
vulnerability allows an attacker to bypass authentication and gain access
@ -21,6 +23,7 @@ to the router's web interface.
========================================================================
2. Detailed Description
========================================================================
The vulnerability is caused by a lack of proper authentication checks in
/usr/sbin/gl-ngx-session file. The file is responsible for authenticating
users to the web interface. The authentication is in different stages.