CVE-2023-50445 Information

Description

Shell Injection vulnerability GL.iNet A1300 v4.4.6 AX1800 v4.4.6 AXT1800 v4.4.6 MT3000 v4.4.6 MT2500 v4.4.6 MT6000 v4.5.0 MT1300 v4.3.7 MT300N-V2 v4.3.7 AR750S v4.3.7 AR750 v4.3.7 AR300M v4.3.7 and B1300 v4.3.7. allows local attackers to execute arbitrary code via the get_system_log and get_crash_log functions of the logread module as well as the upgrade_online function of the upgrade module.

Reference

https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Using%20Shell%20Metacharacter%20Injection%20via%20API.md