PT-2023-8297 · Nginx+1

Published: 2023-12-15 · Updated: 2024-01-26 · CVE-2023-50919

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: GL.iNet devices, versions prior to 4.5.0
Description: An issue was discovered in GL.iNet devices, where there is an NGINX authentication bypass via Lua string pattern matching. This allows a remote attacker to bypass authentication and gain unauthorized access to protected information.
Recommendations: For versions prior to 4.5.0, update to version 4.5.0 or later to resolve the issue. As a temporary workaround, consider restricting access to Lua scripts to minimize the risk of exploitation.

Exploit

Fix

Weakness Enumeration: Improper Authentication

Related Identifiers

BDU:2024-00401
CVE-2023-50919

Affected Products

Gl.Inet
Nginx