PT-2024-14008 · Gl.Inet · Gl.Inet

Published: 2024-01-12 · Updated: 2024-01-19 · CVE-2023-50920

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions: GL.iNet devices versions prior to 4.5.0

Description: An issue was discovered where GL.iNet devices assign the same session ID after each user reboot, allowing attackers to share session identifiers between different sessions and bypass authentication or access control measures. Attackers can impersonate legitimate users or perform unauthorized actions.

Recommendations: For versions prior to 4.5.0, update to version 4.5.0 or later to resolve the issue. As a temporary workaround, consider implementing additional authentication measures to minimize the risk of exploitation. Restrict access to sensitive areas of the device to minimize the risk of unauthorized actions.

Exploit

Fix

Session Fixation

Weakness Enumeration

Related Identifiers: CVE-2023-50920

Affected Products: Gl.Inet