all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

GL.iNet Unauthenticated Remote Command Execution

Add to bookmarks
Jan. 24, 2024, 3:18 p.m. |

Packet Storm packetstormsecurity.com

A command injection vulnerability exists in multiple GL.iNet network products, allowing an attacker to inject and execute arbitrary shell commands via JSON parameters at the gl_system_log and gl_crash_log interface in the logread module. This Metasploit exploit requires post-authentication using the Admin-Token cookie/sessionID (SID), typically stolen by the attacker. However, by chaining this exploit with vulnerability CVE-2023-50919, one can bypass the Nginx authentication through a Lua string pattern matching and SQL injection vulnerability. The Admin-Token cookie/SID can be retrieved without knowing …

admin attacker authentication command command injection cookie exploit inject injection interface json metasploit network products remote command execution shell sid stolen token unauthenticated vulnerability

Visit resource

More from packetstormsecurity.com / Packet Storm

The Not-So-Silent Type 1 day, 9 hours ago | packetstormsecurity.com
apps called keyboard keystrokes +6
Ubuntu Security Notice USN-6754-1 1 day, 9 hours ago | packetstormsecurity.com
attacker denial of service http implementation +11
Ubuntu Security Notice USN-6753-1 1 day, 9 hours ago | packetstormsecurity.com
attacker configuration cryptographic default +14
Debian Security Advisory 5674-1 1 day, 9 hours ago | packetstormsecurity.com
advisory debian debian linux security denial of service +9
Ubuntu Security Notice USN-6751-1 1 day, 9 hours ago | packetstormsecurity.com
attacker attacks cross-site data +11
Ubuntu Security Notice USN-6752-1 1 day, 9 hours ago | packetstormsecurity.com
attacker crash denial of service issue +10
Red Hat Security Advisory 2024-2066-03 1 day, 9 hours ago | packetstormsecurity.com
advisory enterprise linux red hat +5
Red Hat Security Advisory 2024-2064-03 1 day, 9 hours ago | packetstormsecurity.com
advisory enterprise linux red hat +5
Red Hat Security Advisory 2024-2063-03 1 day, 9 hours ago | packetstormsecurity.com
advisory buffer buffer overflow enterprise +13

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Salesforce Solution Consultant

@ BeyondTrust | Remote United States
View on infosec-jobs.com

Divisional Deputy City Solicitor, Public Safety Compliance Counsel - Compliance and Legislation Unit

@ City of Philadelphia | Philadelphia, PA, United States
View on infosec-jobs.com

Security Engineer, IT IAM, EIS

@ Micron Technology | Hyderabad - Skyview, India
View on infosec-jobs.com

Security Analyst

@ Northwestern Memorial Healthcare | Chicago, IL, United States
View on infosec-jobs.com

Werkstudent Cybersecurity (m/w/d)

@ Brose Group | Bamberg, DE, 96052
View on infosec-jobs.com
View more jobs