Cyber Resilience

CVE-2023-24261

High · Public PoC · RCE

Published: 21 June 2023

Modified: 06 December 2024
CVSS Score v3.1: 7.2 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0664 (91.4th percentile)
Risk Priority: 18 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2023-24261 is a high-severity OS Command Injection (CWE-78) vulnerability in GL.iNET GL-E750 firmware. Its CVSS base score is 7.2 (High).

Operationally, it is ranked in the top 8.6% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

Deeper analysis

A vulnerability tracked as CVE-2023-24261 affects the GL.iNET GL-E750 Mudi router in firmware versions prior to v3.216. The flaw, classified under CWE-78, permits command injection and carries a CVSS 3.1 score of 7.2. It is triggered when an authenticated user submits a specially crafted POST request to the device.

An attacker who already possesses administrative credentials can send the malicious request over the network to execute arbitrary commands on the underlying operating system. Successful exploitation grants full control over the device, allowing the attacker to read or modify data, alter device behavior, and disrupt availability.

The affected firmware versions are those earlier than v3.216; the vendor indicates that updating to v3.216 resolves the issue. Public references consist of technical write-ups that detail the request format used to trigger the injection. The associated EPSS score has remained flat at 0.0664 with no material increase since disclosure.

Vulnerability details

A vulnerability in GL.iNET GL-E750 Mudi before firmware v3.216 allows authenticated attackers to execute arbitrary code via a crafted POST request.

CWE(s)

CWE-78 (OS Command Injection)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: gl-inet · Product: gl-e750 firmware · Version: ≤ 3.216

Mitigating Controls

Likely Mitigating Controls (AI)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-78

Platform-independent apps typically execute inside a managed runtime or sandbox that restricts direct OS command execution, reducing the ability to exploit OS command injection.

addresses: CWE-78

Validates inputs to block special elements that would alter OS command execution.
