CVE-2023-46453

Published: May 8, 2026

Modified: May 8, 2026

PUBLISHED

Description

Certain GL.iNet devices with 4.x firmware allow authentication bypass (resulting in administrative control of the device) via a username that is both a valid SQL statement and a valid regular expression. For example, this affects version 4.3.7 on GL-MT3000 GL-AR300M GL-B1300 GL-AX1800 GL-AR750S GL-MT2500 GL-AXT1800 GL-X3000 and GL-SFT1200.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://www.exploit-db.com/exploits/51865

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2023-46453

Description

Affected Products

References