CVE-2023-46453

Name: CVE-2023-46453
Creator: NVD / NIST
Published: 2026-05-08T07:16:27.85+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

CRITICALCVSS 9.8/10EPSS 0.76%

Last modified Jun 17, 2026

This CVE is reserved or awaiting analysis. Details will appear once published by NVD.

Description

Certain GL.iNet devices with 4.x firmware allow authentication bypass (resulting in administrative control of the device) via a username that is both a valid SQL statement and a valid regular expression. For example, this affects version 4.3.7 on GL-MT3000 GL-AR300M GL-B1300 GL-AX1800 GL-AR750S GL-MT2500 GL-AXT1800 GL-X3000 and GL-SFT1200.

Metrics

CVSS 3.1

9.8/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Probability

0.76%

50.8th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-89

References

https://www.exploit-db.com/exploits/51865
https://www.exploit-db.com/exploits/51865

Timeline

Published: May 8, 2026
Last Modified: Jun 17, 2026
Status: Awaiting Analysis

Are you affected by CVE-2023-46453?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST