CVE-2023-46455

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Dec 12, 2023

Updated: Dec 14, 2023

CWE ID 22

Summary

CVE-2023-46455 is a newly disclosed vulnerability affecting GL.iNET GL-AR300M routers running firmware version 4.3.7. This issue allows an attacker to conduct a path traversal attack on the OpenVPN client file upload functionality, enabling them to write arbitrary files on the system. Successful exploitation could result in unauthorized modification or execution of critical system files, potentially leading to compromised router functionality or unauthorized network access. Users are advised to update their firmware to the latest version to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/tGo3rm
https://www.cve.org/CVERecord?id=CVE-2023-46455
https://nvd.nist.gov/vuln/detail/CVE-2023-46455

Back to Vulnerability Database

CVE-2023-46455

CVSS 3.1 Score 7.5 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations