CVE-2023-46455

HIGH NUCLEI

GL.iNET GL-AR300M <4.3.7 - Path Traversal

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-46455. PoCs published by cyberaz0r. A Nuclei detection template is also available.

AI-analyzed exploit summary This exploit leverages an arbitrary file write vulnerability in GL.iNet <= 4.3.7 by uploading a crafted shadow file to /etc/shadow via a path traversal in the upload endpoint, allowing password reset for the root user.

Description

In GL.iNET GL-AR300M routers with firmware v4.3.7 it is possible to write arbitrary files through a path traversal attack in the OpenVPN client file upload functionality.

Exploits (1)

exploitdb WORKING POC

by cyberaz0r · pythonremotehardware

https://www.exploit-db.com/exploits/51851

View Code ZIP pw:eip

This exploit leverages an arbitrary file write vulnerability in GL.iNet <= 4.3.7 by uploading a crafted shadow file to /etc/shadow via a path traversal in the upload endpoint, allowing password reset for the root user.

Classification

Working Poc 100%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: GL.iNet <= 4.3.7

Auth required

Prerequisites: Valid authentication token · Network access to the target device

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1552.001 - Credentials In Files

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Nuclei Templates (1)

GL.iNet <= 4.3.7 - Arbitrary File Write

HIGHby Zierax

Shodan: title:"GL.iNet Admin Panel"

References (2)

Core 2

Core References

Third Party Advisory

https://cyberaz0r.info/2023/11/glinet-multiple-vulnerabilities/

Product

https://www.gl-inet.com/

Scores

CVSS v3 7.5

EPSS 0.4697

EPSS Percentile 98.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-22

Status published

Products (1)

gl-inet/gl-ar300m_firmware 4.3.7

Published Dec 12, 2023

Tracked Since Feb 18, 2026