CVE-2023-31472

EUVD-2023-35777
An issue was discovered on GL.iNet devices before 3.216. There is an arbitrary file write in which an empty file can be created anywhere on the filesystem. This is caused by a command injection vulnerability with a filter applied.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CISA-ADPADP
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 96%
Affected Products (NVD)
VendorProductVersion
gl-inetgl-s20_firmware
𝑥
< 3.216
gl-inetgl-x3000_firmware
𝑥
< 3.216
gl-inetgl-mt3000_firmware
𝑥
< 3.216
gl-inetgl-mt2500_firmware
𝑥
< 3.216
gl-inetgl-mt2500a_firmware
𝑥
< 3.216
gl-inetgl-axt1800_firmware
𝑥
< 3.216
gl-inetgl-a1300_firmware
𝑥
< 3.216
gl-inetgl-ax1800_firmware
𝑥
< 3.216
gl-inetgl-sft1200_firmware
𝑥
< 3.216
gl-inetgl-mt1300_firmware
𝑥
< 3.216
gl-inetgl-e750_firmware
𝑥
< 3.216
gl-inetgl-mv1000_firmware
𝑥
< 3.216
gl-inetgl-mv1000w_firmware
𝑥
< 3.216
gl-inetgl-s10_firmware
𝑥
< 3.216
gl-inetgl-s200_firmware
𝑥
< 3.216
gl-inetgl-s1300_firmware
𝑥
< 3.216
gl-inetgl-sf1200_firmware
𝑥
< 3.216
gl-inetgl-b1300_firmware
𝑥
< 3.216
gl-inetgl-b2200_firmware
𝑥
< 3.216
gl-inetgl-ap1300_firmware
𝑥
< 3.216
gl-inetgl-ap1300lte_firmware
𝑥
< 3.216
gl-inetgl-x1200_firmware
𝑥
< 3.216
gl-inetgl-x750_firmware
𝑥
< 3.216
gl-inetgl-x300b_firmware
𝑥
< 3.216
gl-inetgl-xe300_firmware
𝑥
< 3.216
gl-inetgl-ar750s_firmware
𝑥
< 3.216
gl-inetgl-ar750_firmware
𝑥
< 3.216
gl-inetgl-mifi_firmware
𝑥
< 3.216
gl-inetgl-mt300n-v2_firmware
𝑥
< 3.216
gl-inetgl-ar300m_firmware
𝑥
< 3.216
gl-inetgl-usb150_firmware
𝑥
< 3.216
gl-inetmicrouter-n300_firmware
𝑥
< 3.216
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/gl-inet/CVE-issues/blob/main/3.215/Arbitrary_File_Creation.md
https://www.gl-inet.com
https://github.com/gl-inet/CVE-issues/blob/main/3.215/Arbitrary_File_Creation.md
https://www.gl-inet.com