CVE-2023-33621 (GCVE-0-2023-33621)

Vulnerability from cvelistv5 – Published: 2023-06-13 00:00 – Updated: 2025-01-03 02:24
VLAI?
Summary
GL.iNET GL-AR750S-Ext firmware v3.215 inserts the admin authentication token into a GET request when the OpenVPN Server config file is downloaded. The token is then left in the browser history or access logs, potentially allowing attackers to bypass authentication via session replay.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T15:47:06.473Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://glinet.com"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://gl-ar750s-ext.com"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://justinapplegate.me/2023/glinet-CVE-2023-33621/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-33621",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-03T02:24:23.438406Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-03T02:24:34.729Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "GL.iNET GL-AR750S-Ext firmware v3.215 inserts the admin authentication token into a GET request when the OpenVPN Server config file is downloaded. The token is then left in the browser history or access logs, potentially allowing attackers to bypass authentication via session replay."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-06-13T00:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "http://glinet.com"
        },
        {
          "url": "http://gl-ar750s-ext.com"
        },
        {
          "url": "https://justinapplegate.me/2023/glinet-CVE-2023-33621/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2023-33621",
    "datePublished": "2023-06-13T00:00:00",
    "dateReserved": "2023-05-22T00:00:00",
    "dateUpdated": "2025-01-03T02:24:34.729Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:gl-inet:gl-ar750s_firmware:3.215:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"99E78333-5DE5-4577-8DE2-5C0C8B4EE5BB\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:gl-inet:gl-ar750s:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8C939D70-5353-43B7-AEF9-8F1D784DD4EF\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"GL.iNET GL-AR750S-Ext firmware v3.215 inserts the admin authentication token into a GET request when the OpenVPN Server config file is downloaded. The token is then left in the browser history or access logs, potentially allowing attackers to bypass authentication via session replay.\"}]",
      "id": "CVE-2023-33621",
      "lastModified": "2024-11-21T08:05:46.173",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 5.9, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.2, \"impactScore\": 3.6}]}",
      "published": "2023-06-13T16:15:13.027",
      "references": "[{\"url\": \"http://gl-ar750s-ext.com\", \"source\": \"cve@mitre.org\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://glinet.com\", \"source\": \"cve@mitre.org\", \"tags\": [\"Broken Link\"]}, {\"url\": \"https://justinapplegate.me/2023/glinet-CVE-2023-33621/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"http://gl-ar750s-ext.com\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://glinet.com\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\"]}, {\"url\": \"https://justinapplegate.me/2023/glinet-CVE-2023-33621/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-294\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-33621\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2023-06-13T16:15:13.027\",\"lastModified\":\"2024-11-21T08:05:46.173\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"GL.iNET GL-AR750S-Ext firmware v3.215 inserts the admin authentication token into a GET request when the OpenVPN Server config file is downloaded. The token is then left in the browser history or access logs, potentially allowing attackers to bypass authentication via session replay.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":5.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.2,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-294\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:gl-inet:gl-ar750s_firmware:3.215:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"99E78333-5DE5-4577-8DE2-5C0C8B4EE5BB\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:gl-inet:gl-ar750s:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8C939D70-5353-43B7-AEF9-8F1D784DD4EF\"}]}]}],\"references\":[{\"url\":\"http://gl-ar750s-ext.com\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://glinet.com\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://justinapplegate.me/2023/glinet-CVE-2023-33621/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"http://gl-ar750s-ext.com\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://glinet.com\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://justinapplegate.me/2023/glinet-CVE-2023-33621/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://glinet.com\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://gl-ar750s-ext.com\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://justinapplegate.me/2023/glinet-CVE-2023-33621/\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T15:47:06.473Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-33621\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-01-03T02:24:23.438406Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-01-03T02:24:30.478Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"references\": [{\"url\": \"http://glinet.com\"}, {\"url\": \"http://gl-ar750s-ext.com\"}, {\"url\": \"https://justinapplegate.me/2023/glinet-CVE-2023-33621/\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"GL.iNET GL-AR750S-Ext firmware v3.215 inserts the admin authentication token into a GET request when the OpenVPN Server config file is downloaded. The token is then left in the browser history or access logs, potentially allowing attackers to bypass authentication via session replay.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2023-06-13T00:00:00\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-33621\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-01-03T02:24:34.729Z\", \"dateReserved\": \"2023-05-22T00:00:00\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2023-06-13T00:00:00\", \"assignerShortName\": \"mitre\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.