CVE-2023-31472
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
09/05/2023
Last modified:
29/01/2025
Description
An issue was discovered on GL.iNet devices before 3.216. There is an arbitrary file write in which an empty file can be created anywhere on the filesystem. This is caused by a command injection vulnerability with a filter applied.
Impact
Base Score 3.x
7.50
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:gl-inet:gl-s20_firmware:*:*:*:*:*:*:*:* | 3.216 (excluding) | |
| cpe:2.3:h:gl-inet:gl-s20:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:gl-inet:gl-x3000_firmware:*:*:*:*:*:*:*:* | 3.216 (excluding) | |
| cpe:2.3:h:gl-inet:gl-x3000:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:gl-inet:gl-mt3000_firmware:*:*:*:*:*:*:*:* | 3.216 (excluding) | |
| cpe:2.3:h:gl-inet:gl-mt3000:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:gl-inet:gl-mt2500_firmware:*:*:*:*:*:*:*:* | 3.216 (excluding) | |
| cpe:2.3:h:gl-inet:gl-mt2500:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:gl-inet:gl-mt2500a_firmware:*:*:*:*:*:*:*:* | 3.216 (excluding) | |
| cpe:2.3:h:gl-inet:gl-mt2500a:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:gl-inet:gl-axt1800_firmware:*:*:*:*:*:*:*:* | 3.216 (excluding) | |
| cpe:2.3:h:gl-inet:gl-axt1800:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:gl-inet:gl-a1300_firmware:*:*:*:*:*:*:*:* | 3.216 (excluding) | |
| cpe:2.3:h:gl-inet:gl-a1300:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:gl-inet:gl-ax1800_firmware:*:*:*:*:*:*:*:* | 3.216 (excluding) |
To consult the complete list of CPE names with products and versions, see this page