An issue was discovered on GL.iNet devices before version 4.5.0. They assign the same session ID after each user reboot, allowing attackers to share session identifiers between different sessions and bypass authentication or access control measures. Attackers can impersonate legitimate users or perform unauthorized actions. This affects A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000 4.4.6, MT2500 4.4.6, MT6000 4.5.0, MT1300 4.3.7, MT300N-V2 4.3.7, AR750S 4.3.7, AR750 4.3.7, AR300M 4.3.7, and B1300 4.3.7.
        History
                    Wed, 06 Nov 2024 18:15:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| First Time appeared | Gl.inet Gl.inet a1300 Gl.inet ar300m Gl.inet ar750 Gl.inet ar750s Gl.inet ax1800 Gl.inet axt1800 Gl.inet b1300 Gl.inet mt1300 Gl.inet mt2500 Gl.inet mt3000 Gl.inet mt300n V2 Gl.inet mt6000 | |
| CPEs | cpe:2.3:h:gl.inet:A1300:-:*:*:*:*:*:*:* cpe:2.3:h:gl.inet:AR300M:-:*:*:*:*:*:*:* cpe:2.3:h:gl.inet:AR750:-:*:*:*:*:*:*:* cpe:2.3:h:gl.inet:AR750S:-:*:*:*:*:*:*:* cpe:2.3:h:gl.inet:AX1800:-:*:*:*:*:*:*:* cpe:2.3:h:gl.inet:AXT1800:-:*:*:*:*:*:*:* cpe:2.3:h:gl.inet:B1300:-:*:*:*:*:*:*:* cpe:2.3:h:gl.inet:MT1300:-:*:*:*:*:*:*:* cpe:2.3:h:gl.inet:MT2500:-:*:*:*:*:*:*:* cpe:2.3:h:gl.inet:MT3000:-:*:*:*:*:*:*:* cpe:2.3:h:gl.inet:MT300N_V2:-:*:*:*:*:*:*:* cpe:2.3:h:gl.inet:MT6000:-:*:*:*:*:*:*:* | |
| Vendors & Products | Gl.inet Gl.inet a1300 Gl.inet ar300m Gl.inet ar750 Gl.inet ar750s Gl.inet ax1800 Gl.inet axt1800 Gl.inet b1300 Gl.inet mt1300 Gl.inet mt2500 Gl.inet mt3000 Gl.inet mt300n V2 Gl.inet mt6000 | |
| Metrics | ssvc | |
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2024-01-12T00:00:00.000Z
Updated: 2025-06-17T16:05:04.445Z
Reserved: 2023-12-15T00:00:00.000Z
Link: CVE-2023-50920
Vulnrichment
Updated: 2024-08-02T22:23:44.170Z
NVD
Status: Modified
Published: 2024-01-12T08:15:43.590
Modified: 2025-06-17T16:15:27.100
Link: CVE-2023-50920
Redhat
No data.