CVE-2023-31472

An issue was discovered on GL.iNet devices before 3.216. There is an arbitrary file write in which an empty file can be created anywhere on the filesystem. This is caused by a command injection vulnerability with a filter applied.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
mitreCNA
---
---
CVEADP
---
---
CISA-ADPADP
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 96%
VendorProductVersion
gl-inetgl-s20_firmware
𝑥
< 3.216
gl-inetgl-x3000_firmware
𝑥
< 3.216
gl-inetgl-mt3000_firmware
𝑥
< 3.216
gl-inetgl-mt2500_firmware
𝑥
< 3.216
gl-inetgl-mt2500a_firmware
𝑥
< 3.216
gl-inetgl-axt1800_firmware
𝑥
< 3.216
gl-inetgl-a1300_firmware
𝑥
< 3.216
gl-inetgl-ax1800_firmware
𝑥
< 3.216
gl-inetgl-sft1200_firmware
𝑥
< 3.216
gl-inetgl-mt1300_firmware
𝑥
< 3.216
gl-inetgl-e750_firmware
𝑥
< 3.216
gl-inetgl-mv1000_firmware
𝑥
< 3.216
gl-inetgl-mv1000w_firmware
𝑥
< 3.216
gl-inetgl-s10_firmware
𝑥
< 3.216
gl-inetgl-s200_firmware
𝑥
< 3.216
gl-inetgl-s1300_firmware
𝑥
< 3.216
gl-inetgl-sf1200_firmware
𝑥
< 3.216
gl-inetgl-b1300_firmware
𝑥
< 3.216
gl-inetgl-b2200_firmware
𝑥
< 3.216
gl-inetgl-ap1300_firmware
𝑥
< 3.216
gl-inetgl-ap1300lte_firmware
𝑥
< 3.216
gl-inetgl-x1200_firmware
𝑥
< 3.216
gl-inetgl-x750_firmware
𝑥
< 3.216
gl-inetgl-x300b_firmware
𝑥
< 3.216
gl-inetgl-xe300_firmware
𝑥
< 3.216
gl-inetgl-ar750s_firmware
𝑥
< 3.216
gl-inetgl-ar750_firmware
𝑥
< 3.216
gl-inetgl-mifi_firmware
𝑥
< 3.216
gl-inetgl-mt300n-v2_firmware
𝑥
< 3.216
gl-inetgl-ar300m_firmware
𝑥
< 3.216
gl-inetgl-usb150_firmware
𝑥
< 3.216
gl-inetmicrouter-n300_firmware
𝑥
< 3.216
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/gl-inet/CVE-issues/blob/main/3.215/Arbitrary_File_Creation.md
https://www.gl-inet.com
https://github.com/gl-inet/CVE-issues/blob/main/3.215/Arbitrary_File_Creation.md
https://www.gl-inet.com