CVE-2023-31472

Exploit

EPSS 26.69%
Veröffentlicht 09.05.2023 18:15:14
Zuletzt bearbeitet 29.01.2025 21:15:19
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

An issue was discovered on GL.iNet devices before 3.216. There is an arbitrary file write in which an empty file can be created anywhere on the filesystem. This is caused by a command injection vulnerability with a filter applied.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Gl-inet ≫ Gl-s20 Firmware Version < 3.216

Gl-inet ≫ Gl-s20 Version-

Gl-inet ≫ Gl-x3000 Firmware Version < 3.216

Gl-inet ≫ Gl-x3000 Version-

Gl-inet ≫ Gl-mt3000 Firmware Version < 3.216

Gl-inet ≫ Gl-mt3000 Version-

Gl-inet ≫ Gl-mt2500 Firmware Version < 3.216

Gl-inet ≫ Gl-mt2500 Version-

Gl-inet ≫ Gl-mt2500a Firmware Version < 3.216

Gl-inet ≫ Gl-mt2500a Version-

Gl-inet ≫ Gl-axt1800 Firmware Version < 3.216

Gl-inet ≫ Gl-axt1800 Version-

Gl-inet ≫ Gl-a1300 Firmware Version < 3.216

Gl-inet ≫ Gl-a1300 Version-

Gl-inet ≫ Gl-ax1800 Firmware Version < 3.216

Gl-inet ≫ Gl-ax1800 Version-

Gl-inet ≫ Gl-sft1200 Firmware Version < 3.216

Gl-inet ≫ Gl-sft1200 Version-

Gl-inet ≫ Gl-mt1300 Firmware Version < 3.216

Gl-inet ≫ Gl-mt1300 Version-

Gl-inet ≫ Gl-e750 Firmware Version < 3.216

Gl-inet ≫ Gl-e750 Version-

Gl-inet ≫ Gl-mv1000 Firmware Version < 3.216

Gl-inet ≫ Gl-mv1000 Version-

Gl-inet ≫ Gl-mv1000w Firmware Version < 3.216

Gl-inet ≫ Gl-mv1000w Version-

Gl-inet ≫ Gl-s10 Firmware Version < 3.216

Gl-inet ≫ Gl-s10 Version-

Gl-inet ≫ Gl-s200 Firmware Version < 3.216

Gl-inet ≫ Gl-s200 Version-

Gl-inet ≫ Gl-s1300 Firmware Version < 3.216

Gl-inet ≫ Gl-s1300 Version-

Gl-inet ≫ Gl-sf1200 Firmware Version < 3.216

Gl-inet ≫ Gl-sf1200 Version-

Gl-inet ≫ Gl-b1300 Firmware Version < 3.216

Gl-inet ≫ Gl-b1300 Version-

Gl-inet ≫ Gl-b2200 Firmware Version < 3.216

Gl-inet ≫ Gl-b2200 Version-

Gl-inet ≫ Gl-ap1300 Firmware Version < 3.216

Gl-inet ≫ Gl-ap1300 Version-

Gl-inet ≫ Gl-ap1300lte Firmware Version < 3.216

Gl-inet ≫ Gl-ap1300lte Version-

Gl-inet ≫ Gl-x1200 Firmware Version < 3.216

Gl-inet ≫ Gl-x1200 Version-

Gl-inet ≫ Gl-x750 Firmware Version < 3.216

Gl-inet ≫ Gl-x750 Version-

Gl-inet ≫ Gl-x300b Firmware Version < 3.216

Gl-inet ≫ Gl-x300b Version-

Gl-inet ≫ Gl-xe300 Firmware Version < 3.216

Gl-inet ≫ Gl-xe300 Version-

Gl-inet ≫ Gl-ar750s Firmware Version < 3.216

Gl-inet ≫ Gl-ar750s Version-

Gl-inet ≫ Gl-ar750 Firmware Version < 3.216

Gl-inet ≫ Gl-ar750 Version-

Gl-inet ≫ Gl-mifi Firmware Version < 3.216

Gl-inet ≫ Gl-mifi Version-

Gl-inet ≫ Gl-mt300n-v2 Firmware Version < 3.216

Gl-inet ≫ Gl-mt300n-v2 Version-

Gl-inet ≫ Gl-ar300m Firmware Version < 3.216

Gl-inet ≫ Gl-ar300m Version-

Gl-inet ≫ Gl-usb150 Firmware Version < 3.216

Gl-inet ≫ Gl-usb150 Version-

Gl-inet ≫ Microuter-n300 Firmware Version < 3.216

Gl-inet ≫ Microuter-n300 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	26.69%	0.962

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE-770 Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

https://www.gl-inet.com

Vendor Advisory

https://github.com/gl-inet/CVE-issues/blob/main/3.215/Arbitrary_File_Creation.md

Vendor Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2023-31472

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-31472

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-31472

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2023-31472