Firmware roadmap for AR300M, AR300M16, AR750, and AR750S

Technical Support for Routers
12

I checked them for you:

CVE without root password?
CVE-2023-47464 :no_entry_sign:
CVE-2023-47463 :white_check_mark: (when WebDAV is active, fixed in 4.5.0)
CVE-2023-50919 :white_check_mark: (fixed in 4.5.0)
CVE-2023-50920 :no_entry_sign: (requires physical access)
CVE-2023-50921 :no_entry_sign: (fixed in 4.5.0)
CVE-2023-46454 :no_entry_sign: (requires upload of OpenVPN file)
CVE-2023-46455 :no_entry_sign: (requires upload of OpenVPN file)
CVE-2023-46456 :no_entry_sign: (requires upload of OpenVPN file)
CVE-2023-50922 :white_check_mark: (but not really, since you need to steal a Cookie before)

Guess @alzhao can confirm this?