N/A

An issue was discovered on GL.iNet devices before version 4.5.0. They assign the same session ID after each user reboot, allowing attackers to share session identifiers between different sessions and bypass authentication or access control measures. Attackers can impersonate legitimate users or perform unauthorized actions. This affects A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000 4.4.6, MT2500 4.4.6, MT6000 4.5.0, MT1300 4.3.7, MT300N-V2 4.3.7, AR750S 4.3.7, AR750 4.3.7, AR300M 4.3.7, and B1300 4.3.7.

N/A

N/A

GL.iNet devices 安全漏洞

GL.iNet devices是中国GL.iNet公司的一系列硬件设备。 GL.iNet devices存在安全漏洞，该漏洞源于在每次用户重新启动后分配相同的会话 ID，允许攻击者在不同会话之间共享会话标识符并绕过身份验证或访问控制措施，以下产品和版本受到影响：A1300、AX1800、AXT1800、MT3000、MT2500、MT6000、MT1300、MT300N-V2、AR750S、AR750、AR300M、B1300 4.5.0之前固件版本。

N/A

N/A