The LuCI web interface on Gl Inet GL.Inet AX1800 Version 4.6.4 & 4.6.8 are vulnerable. Fix available in version 4.8.2 GL.Inet AX1800 Version 4.6.4 & 4.6.8 lacks rate limiting or account lockout mechanisms on the authentication endpoint (/cgi-bin/luci). An unauthenticated attacker on the local network can perform unlimited password attempts against the admin interface.
Weakness
The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Ax1800_firmware | Gl-inet | 4.2.0 (including) | 4.2.0 (including) |
| Ax1800_firmware | Gl-inet | 4.6.4 (including) | 4.6.4 (including) |
| Ax1800_firmware | Gl-inet | 4.6.8 (including) | 4.6.8 (including) |
Potential Mitigations
Common protection mechanisms include:
Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid [REF-1482].
Consider using libraries with authentication capabilities such as OpenSSL or the ESAPI Authenticator. [REF-45]
Related Attack Patterns
- https://cwe.mitre.org/data/definitions/16.html
- https://cwe.mitre.org/data/definitions/49.html
- https://cwe.mitre.org/data/definitions/560.html
- https://cwe.mitre.org/data/definitions/565.html
- https://cwe.mitre.org/data/definitions/600.html
- https://cwe.mitre.org/data/definitions/652.html
- https://cwe.mitre.org/data/definitions/653.html
References
- https://aleksazatezalo.medium.com/critical-command-injection-vulnerability-in-gl-inet-gl-axt1800-router-firmware-e6d67d81ee51
- https://aleksazatezalo.medium.com/critical-command-injection-vulnerability-in-gl-inet-gl-axt1800-router-firmware-e6d67d81ee51?postPublishedType=repub
- https://www.gl-inet.com/security/