Cyber Resilience

CVE-2023-29778

CriticalPublic PoCRCE

Published: 02 May 2023

Published
02 May 2023
Modified
30 January 2025
KEV Added
Patch
CVSS Score v3.1 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.1224 94.0th percentile
Risk Priority 27 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2023-29778 is a critical-severity OS Command Injection (CWE-78) vulnerability in Gl-Inet Gl-Mt3000 Firmware. Its CVSS base score is 9.8 (Critical).

Operationally, ranked in the top 6.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

Deeper analysis

GL.iNET MT3000 firmware version 4.1.0 Release 2 contains an OS command injection vulnerability, tracked as CVE-2023-29778 with CWE-78, in the component located at /usr/lib/oui-httpd/rpc/logread. The flaw received a CVSS 3.1 score of 9.8, reflecting network-accessible attack vectors that require no authentication or user interaction and result in complete loss of confidentiality, integrity, and availability.

An unauthenticated remote attacker can supply crafted input to the affected RPC endpoint and execute arbitrary operating-system commands on the device. Successful exploitation grants the attacker full control over the router, enabling actions such as traffic interception, persistence installation, or lateral movement within attached networks.

Public references point to GL.iNET product information and a detailed technical write-up that demonstrates the injection via the nginx log retrieval function, though no official patch or mitigation guidance is included in the available sources. The associated EPSS score rose from a low baseline to a peak of 0.2816 before receding to its current value of 0.1224, indicating a period of increased exploitation interest after disclosure.

EU & UK References

Vulnerability details

GL.iNET MT3000 4.1.0 Release 2 is vulnerable to OS Command Injection via /usr/lib/oui-httpd/rpc/logread.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

gl-inet
gl-mt3000 firmware
4.1.0

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-78

Platform-independent apps typically execute inside a managed runtime or sandbox that restricts direct OS command execution, reducing the ability to exploit OS command injection.

addresses: CWE-78

Validates inputs to block special elements that would alter OS command execution.

References