An issue was discovered on GL.iNet devices before 3.216. There is an arbitrary file write in which an empty file can be created anywhere on the filesystem. This is caused by a command injection vulnerability with a filter applied. Through the software installation feature, it is possible to inject arbitrary parameters in a request to cause opkg to read an arbitrary file name while using root privileges. The -f option can be used with a configuration file.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.02473.

Exploitation poc

Automatable no

Technical Impact partial

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions
n/a n/a affected
Version Status Constraints
n/a affected

Configuration 1 [-]

AND
cpe:2.3:o:gl-inet:gl-s20_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:gl-s20:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND
cpe:2.3:o:gl-inet:gl-x3000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:gl-x3000:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND
cpe:2.3:o:gl-inet:gl-mt3000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:gl-mt3000:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND
cpe:2.3:o:gl-inet:gl-mt2500_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:gl-mt2500:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND
cpe:2.3:o:gl-inet:gl-mt2500a_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:gl-mt2500a:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND
cpe:2.3:o:gl-inet:gl-axt1800_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:gl-axt1800:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND
cpe:2.3:o:gl-inet:gl-a1300_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:gl-a1300:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND
cpe:2.3:o:gl-inet:gl-ax1800_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:gl-ax1800:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND
cpe:2.3:o:gl-inet:gl-sft1200_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:gl-sft1200:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND
cpe:2.3:o:gl-inet:gl-mt1300_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:gl-mt1300:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND
cpe:2.3:o:gl-inet:gl-e750_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:gl-e750:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND
cpe:2.3:o:gl-inet:gl-mv1000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:gl-mv1000:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND
cpe:2.3:o:gl-inet:gl-mv1000w_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:gl-mv1000w:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND
cpe:2.3:o:gl-inet:gl-s10_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:gl-s10:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND
cpe:2.3:o:gl-inet:gl-s200_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:gl-s200:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND
cpe:2.3:o:gl-inet:gl-s1300_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:gl-s1300:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND
cpe:2.3:o:gl-inet:gl-sf1200_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:gl-sf1200:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND
cpe:2.3:o:gl-inet:gl-b1300_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:gl-b1300:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND
cpe:2.3:o:gl-inet:gl-b2200_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:gl-b2200:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND
cpe:2.3:o:gl-inet:gl-ap1300_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:gl-ap1300:-:*:*:*:*:*:*:*

Configuration 21 [-]

AND
cpe:2.3:o:gl-inet:gl-ap1300lte_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:gl-ap1300lte:-:*:*:*:*:*:*:*

Configuration 22 [-]

AND
cpe:2.3:o:gl-inet:gl-x1200_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:gl-x1200:-:*:*:*:*:*:*:*

Configuration 23 [-]

AND
cpe:2.3:o:gl-inet:gl-x750_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:gl-x750:-:*:*:*:*:*:*:*

Configuration 24 [-]

AND
cpe:2.3:o:gl-inet:gl-x300b_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:gl-x300b:-:*:*:*:*:*:*:*

Configuration 25 [-]

AND
cpe:2.3:o:gl-inet:gl-xe300_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:gl-xe300:-:*:*:*:*:*:*:*

Configuration 26 [-]

AND
cpe:2.3:o:gl-inet:gl-ar750s_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:gl-ar750s:-:*:*:*:*:*:*:*

Configuration 27 [-]

AND
cpe:2.3:o:gl-inet:gl-ar750_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:gl-ar750:-:*:*:*:*:*:*:*

Configuration 28 [-]

AND
cpe:2.3:o:gl-inet:gl-mifi_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:gl-mifi:-:*:*:*:*:*:*:*

Configuration 29 [-]

AND
cpe:2.3:o:gl-inet:gl-mt300n-v2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:gl-mt300n-v2:-:*:*:*:*:*:*:*

Configuration 30 [-]

AND
cpe:2.3:o:gl-inet:gl-ar300m_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:gl-ar300m:-:*:*:*:*:*:*:*

Configuration 31 [-]

AND
cpe:2.3:o:gl-inet:gl-usb150_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:gl-usb150:-:*:*:*:*:*:*:*

Configuration 32 [-]

AND
cpe:2.3:o:gl-inet:microuter-n300_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:microuter-n300:-:*:*:*:*:*:*:*

No data.

No data.

Project Subscriptions

Vendors Products
Gl-inet Subscribe
Gl-a1300 Subscribe
Gl-a1300 Firmware Subscribe
Gl-ap1300 Subscribe
Gl-ap1300 Firmware Subscribe
Gl-ap1300lte Subscribe
Gl-ap1300lte Firmware Subscribe
Gl-ar300m Subscribe
Gl-ar300m Firmware Subscribe
Gl-ar750 Subscribe
Gl-ar750 Firmware Subscribe
Gl-ar750s Subscribe
Gl-ar750s Firmware Subscribe
Gl-ax1800 Subscribe
Gl-ax1800 Firmware Subscribe
Gl-axt1800 Subscribe
Gl-axt1800 Firmware Subscribe
Gl-b1300 Subscribe
Gl-b1300 Firmware Subscribe
Gl-b2200 Subscribe
Gl-b2200 Firmware Subscribe
Gl-e750 Subscribe
Gl-e750 Firmware Subscribe
Gl-mifi Subscribe
Gl-mifi Firmware Subscribe
Gl-mt1300 Subscribe
Gl-mt1300 Firmware Subscribe
Gl-mt2500 Subscribe
Gl-mt2500 Firmware Subscribe
Gl-mt2500a Subscribe
Gl-mt2500a Firmware Subscribe
Gl-mt3000 Subscribe
Gl-mt3000 Firmware Subscribe
Gl-mt300n-v2 Subscribe
Gl-mt300n-v2 Firmware Subscribe
Gl-mv1000 Subscribe
Gl-mv1000 Firmware Subscribe
Gl-mv1000w Subscribe
Gl-mv1000w Firmware Subscribe
Gl-s10 Subscribe
Gl-s10 Firmware Subscribe
Gl-s1300 Subscribe
Gl-s1300 Firmware Subscribe
Gl-s20 Subscribe
Gl-s200 Subscribe
Gl-s200 Firmware Subscribe
Gl-s20 Firmware Subscribe
Gl-sf1200 Subscribe
Gl-sf1200 Firmware Subscribe
Gl-sft1200 Subscribe
Gl-sft1200 Firmware Subscribe
Gl-usb150 Subscribe
Gl-usb150 Firmware Subscribe
Gl-x1200 Subscribe
Gl-x1200 Firmware Subscribe
Gl-x3000 Subscribe
Gl-x3000 Firmware Subscribe
Gl-x300b Subscribe
Gl-x300b Firmware Subscribe
Gl-x750 Subscribe
Gl-x750 Firmware Subscribe
Gl-xe300 Subscribe
Gl-xe300 Firmware Subscribe
Microuter-n300 Subscribe
Microuter-n300 Firmware Subscribe
Advisories
Source ID Title
EUVD EUVD EUVD-2023-35778 An issue was discovered on GL.iNet devices before 3.216. There is an arbitrary file write in which an empty file can be created anywhere on the filesystem. This is caused by a command injection vulnerability with a filter applied. Through the software installation feature, it is possible to inject arbitrary parameters in a request to cause opkg to read an arbitrary file name while using root privileges. The -f option can be used with a configuration file.
Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
https://github.com/gl-inet/CVE-issues/blob/main/3.215/Arbitrary_File_Read.md cve-icon cve-icon
https://www.gl-inet.com cve-icon cve-icon
History

Mon, 27 Jan 2025 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2025-01-27T17:18:23.785Z

Reserved: 2023-04-28T00:00:00.000Z

Link: CVE-2023-31473

cve-icon Vulnrichment

Updated: 2024-08-02T14:53:30.985Z

cve-icon NVD

Status : Modified

Published: 2023-05-11T11:15:09.100

Modified: 2025-01-27T18:15:33.730

Link: CVE-2023-31473

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses