CVE-2023-31472 - Vulnerability Details

An issue was discovered on GL.iNet devices before 3.216. There is an arbitrary file write in which an empty file can be created anywhere on the filesystem. This is caused by a command injection vulnerability with a filter applied.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.28495.

Exploitation poc

Automatable no

Technical Impact total

Vendors	Products
Gl-inet Subscribe	Gl-a1300 Subscribe Gl-a1300 Firmware Subscribe Gl-ap1300 Subscribe Gl-ap1300 Firmware Subscribe Gl-ap1300lte Subscribe Gl-ap1300lte Firmware Subscribe Gl-ar300m Subscribe Gl-ar300m Firmware Subscribe Gl-ar750 Subscribe Gl-ar750 Firmware Subscribe Gl-ar750s Subscribe Gl-ar750s Firmware Subscribe Gl-ax1800 Subscribe Gl-ax1800 Firmware Subscribe Gl-axt1800 Subscribe Gl-axt1800 Firmware Subscribe Gl-b1300 Subscribe Gl-b1300 Firmware Subscribe Gl-b2200 Subscribe Gl-b2200 Firmware Subscribe Gl-e750 Subscribe Gl-e750 Firmware Subscribe Gl-mifi Subscribe Gl-mifi Firmware Subscribe Gl-mt1300 Subscribe Gl-mt1300 Firmware Subscribe Gl-mt2500 Subscribe Gl-mt2500 Firmware Subscribe Gl-mt2500a Subscribe Gl-mt2500a Firmware Subscribe Gl-mt3000 Subscribe Gl-mt3000 Firmware Subscribe Gl-mt300n-v2 Subscribe Gl-mt300n-v2 Firmware Subscribe Gl-mv1000 Subscribe Gl-mv1000 Firmware Subscribe Gl-mv1000w Subscribe Gl-mv1000w Firmware Subscribe Gl-s10 Subscribe Gl-s10 Firmware Subscribe Gl-s1300 Subscribe Gl-s1300 Firmware Subscribe Gl-s20 Subscribe Gl-s200 Subscribe Gl-s200 Firmware Subscribe Gl-s20 Firmware Subscribe Gl-sf1200 Subscribe Gl-sf1200 Firmware Subscribe Gl-sft1200 Subscribe Gl-sft1200 Firmware Subscribe Gl-usb150 Subscribe Gl-usb150 Firmware Subscribe Gl-x1200 Subscribe Gl-x1200 Firmware Subscribe Gl-x3000 Subscribe Gl-x3000 Firmware Subscribe Gl-x300b Subscribe Gl-x300b Firmware Subscribe Gl-x750 Subscribe Gl-x750 Firmware Subscribe Gl-xe300 Subscribe Gl-xe300 Firmware Subscribe Microuter-n300 Subscribe Microuter-n300 Firmware Subscribe

Configuration 1 [-]

AND

cpe:2.3:o:gl-inet:gl-s20_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:gl-inet:gl-s20:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:gl-inet:gl-x3000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:gl-inet:gl-x3000:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:gl-inet:gl-mt3000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:gl-inet:gl-mt3000:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:gl-inet:gl-mt2500_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:gl-inet:gl-mt2500:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:gl-inet:gl-mt2500a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:gl-inet:gl-mt2500a:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:gl-inet:gl-axt1800_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:gl-inet:gl-axt1800:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:gl-inet:gl-a1300_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:gl-inet:gl-a1300:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:gl-inet:gl-ax1800_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:gl-inet:gl-ax1800:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:gl-inet:gl-sft1200_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:gl-inet:gl-sft1200:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:gl-inet:gl-mt1300_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:gl-inet:gl-mt1300:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:gl-inet:gl-e750_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:gl-inet:gl-e750:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:gl-inet:gl-mv1000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:gl-inet:gl-mv1000:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:gl-inet:gl-mv1000w_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:gl-inet:gl-mv1000w:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:gl-inet:gl-s10_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:gl-inet:gl-s10:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:gl-inet:gl-s200_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:gl-inet:gl-s200:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:gl-inet:gl-s1300_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:gl-inet:gl-s1300:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:gl-inet:gl-sf1200_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:gl-inet:gl-sf1200:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND

cpe:2.3:o:gl-inet:gl-b1300_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:gl-inet:gl-b1300:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND

cpe:2.3:o:gl-inet:gl-b2200_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:gl-inet:gl-b2200:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND

cpe:2.3:o:gl-inet:gl-ap1300_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:gl-inet:gl-ap1300:-:*:*:*:*:*:*:*

Configuration 21 [-]

AND

cpe:2.3:o:gl-inet:gl-ap1300lte_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:gl-inet:gl-ap1300lte:-:*:*:*:*:*:*:*

Configuration 22 [-]

AND

cpe:2.3:o:gl-inet:gl-x1200_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:gl-inet:gl-x1200:-:*:*:*:*:*:*:*

Configuration 23 [-]

AND

cpe:2.3:o:gl-inet:gl-x750_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:gl-inet:gl-x750:-:*:*:*:*:*:*:*

Configuration 24 [-]

AND

cpe:2.3:o:gl-inet:gl-x300b_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:gl-inet:gl-x300b:-:*:*:*:*:*:*:*

Configuration 25 [-]

AND

cpe:2.3:o:gl-inet:gl-xe300_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:gl-inet:gl-xe300:-:*:*:*:*:*:*:*

Configuration 26 [-]

AND

cpe:2.3:o:gl-inet:gl-ar750s_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:gl-inet:gl-ar750s:-:*:*:*:*:*:*:*

Configuration 27 [-]

AND

cpe:2.3:o:gl-inet:gl-ar750_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:gl-inet:gl-ar750:-:*:*:*:*:*:*:*

Configuration 28 [-]

AND

cpe:2.3:o:gl-inet:gl-mifi_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:gl-inet:gl-mifi:-:*:*:*:*:*:*:*

Configuration 29 [-]

AND

cpe:2.3:o:gl-inet:gl-mt300n-v2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:gl-inet:gl-mt300n-v2:-:*:*:*:*:*:*:*

Configuration 30 [-]

AND

cpe:2.3:o:gl-inet:gl-ar300m_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:gl-inet:gl-ar300m:-:*:*:*:*:*:*:*

Configuration 31 [-]

AND

cpe:2.3:o:gl-inet:gl-usb150_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:gl-inet:gl-usb150:-:*:*:*:*:*:*:*

Configuration 32 [-]

AND

cpe:2.3:o:gl-inet:microuter-n300_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:gl-inet:microuter-n300:-:*:*:*:*:*:*:*

No data.

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://github.com/gl-inet/CVE-issues/blob/main/3.215/Arbitrary_File_Creation.md
https://www.gl-inet.com

History

Wed, 29 Jan 2025 21:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2023-05-09T00:00:00.000Z

Updated: 2025-01-29T20:28:12.263Z

Reserved: 2023-04-28T00:00:00.000Z

Link: CVE-2023-31472

Vulnrichment

Updated: 2024-08-02T14:53:31.081Z

NVD

Status : Modified

Published: 2023-05-09T18:15:14.283

Modified: 2025-01-29T21:15:19.723

Link: CVE-2023-31472

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-770

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

Exploitation poc

Automatable no

Technical Impact total

Affected Vendors & Products

Projects

JSON object

JSON object

JSON object

JSON object

JSON object