CVE-2023-33621

Name of the Vulnerable Software and Affected Versions GL.iNET GL-AR750S-Ext firmware version 3.215

Description The issue concerns the insertion of the admin authentication token into a GET request when the OpenVPN Server config file is downloaded. This token is then left in the browser history or access logs, potentially allowing attackers to bypass authentication via session replay.

Recommendations For GL.iNET GL-AR750S-Ext firmware version 3.215, consider clearing browser history and access logs regularly to minimize the risk of exploitation. As a temporary workaround, restrict access to the OpenVPN Server config file download feature until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.