Lucene search
HistoryMay 09, 2023 - 6:15 p.m.
CVE-2023-31474
gl.inet
software installation
arbitrary parameters
opkg
regex
directory
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
0.001
Percentile
48.5%
An issue was discovered on GL.iNet devices before 3.216. Through the software installation feature, it is possible to inject arbitrary parameters in a request to cause opkg to obtain a list of files in a specific directory, by using the regex feature in a package name.
Affected configurations
Node
gl-inetgl-s20_firmwareRange<3.216
gl-inetgl-s20Match-
Node
gl-inetgl-x3000_firmwareRange<3.216
gl-inetgl-x3000Match-
Node
gl-inetgl-mt3000_firmwareRange<3.216
gl-inetgl-mt3000Match-
Node
gl-inetgl-mt2500_firmwareRange<3.216
gl-inetgl-mt2500Match-
Node
gl-inetgl-mt2500a_firmwareRange<3.216
gl-inetgl-mt2500aMatch-
Node
gl-inetgl-axt1800_firmwareRange<3.216
gl-inetgl-axt1800Match-
Node
gl-inetgl-a1300_firmwareRange<3.216
gl-inetgl-a1300Match-
Node
gl-inetgl-ax1800_firmwareRange<3.216
gl-inetgl-ax1800Match-
Node
gl-inetgl-sft1200_firmwareRange<3.216
gl-inetgl-sft1200Match-
Node
gl-inetgl-mt1300_firmwareRange<3.216
gl-inetgl-mt1300Match-
Node
gl-inetgl-e750_firmwareRange<3.216
gl-inetgl-e750Match-
Node
gl-inetgl-mv1000_firmwareRange<3.216
gl-inetgl-mv1000Match-
Node
gl-inetgl-mv1000w_firmwareRange<3.216
gl-inetgl-mv1000wMatch-
Node
gl-inetgl-s10_firmwareRange<3.216
gl-inetgl-s10Match-
Node
gl-inetgl-s200_firmwareRange<3.216
gl-inetgl-s200Match-
Node
gl-inetgl-s1300_firmwareRange<3.216
gl-inetgl-s1300Match-
Node
gl-inetgl-sf1200_firmwareRange<3.216
gl-inetgl-sf1200Match-
Node
gl-inetgl-b1300_firmwareRange<3.216
gl-inetgl-b1300Match-
Node
gl-inetgl-b2200_firmwareRange<3.216
gl-inetgl-b2200Match-
Node
gl-inetgl-ap1300_firmwareRange<3.216
gl-inetgl-ap1300Match-
Node
gl-inetgl-ap1300lte_firmwareRange<3.216
gl-inetgl-ap1300lteMatch-
Node
gl-inetgl-x1200_firmwareRange<3.216
gl-inetgl-x1200Match-
Node
gl-inetgl-x750_firmwareRange<3.216
gl-inetgl-x750Match-
Node
gl-inetgl-x300b_firmwareRange<3.216
gl-inetgl-x300bMatch-
Node
gl-inetgl-xe300_firmwareRange<3.216
gl-inetgl-xe300Match-
Node
gl-inetgl-ar750s_firmwareRange<3.216
gl-inetgl-ar750sMatch-
Node
gl-inetgl-ar750_firmwareRange<3.216
gl-inetgl-ar750Match-
Node
gl-inetgl-mifi_firmwareRange<3.216
gl-inetgl-mifiMatch-
Node
gl-inetgl-mt300n-v2_firmwareRange<3.216
gl-inetgl-mt300n-v2Match-
Node
gl-inetgl-ar300m_firmwareRange<3.216
gl-inetgl-ar300mMatch-
Node
gl-inetgl-usb150_firmwareRange<3.216
gl-inetgl-usb150Match-
Node
gl-inetmicrouter-n300_firmwareRange<3.216
gl-inetmicrouter-n300Match-
| Vendor | Product | Version | CPE |
|---|---|---|---|
| gl-inet | gl-s20_firmware | * | cpe:2.3:o:gl-inet:gl-s20_firmware:*:*:*:*:*:*:*:* |
| gl-inet | gl-s20 | - | cpe:2.3:h:gl-inet:gl-s20:-:*:*:*:*:*:*:* |
| gl-inet | gl-x3000_firmware | * | cpe:2.3:o:gl-inet:gl-x3000_firmware:*:*:*:*:*:*:*:* |
| gl-inet | gl-x3000 | - | cpe:2.3:h:gl-inet:gl-x3000:-:*:*:*:*:*:*:* |
| gl-inet | gl-mt3000_firmware | * | cpe:2.3:o:gl-inet:gl-mt3000_firmware:*:*:*:*:*:*:*:* |
| gl-inet | gl-mt3000 | - | cpe:2.3:h:gl-inet:gl-mt3000:-:*:*:*:*:*:*:* |
| gl-inet | gl-mt2500_firmware | * | cpe:2.3:o:gl-inet:gl-mt2500_firmware:*:*:*:*:*:*:*:* |
| gl-inet | gl-mt2500 | - | cpe:2.3:h:gl-inet:gl-mt2500:-:*:*:*:*:*:*:* |
| gl-inet | gl-mt2500a_firmware | * | cpe:2.3:o:gl-inet:gl-mt2500a_firmware:*:*:*:*:*:*:*:* |
| gl-inet | gl-mt2500a | - | cpe:2.3:h:gl-inet:gl-mt2500a:-:*:*:*:*:*:*:* |
Related
cvelist
cvelist
CVE-2023-31474
2023-05-09 00:00:00
cve
cve
CVE-2023-31474
2023-05-09 18:15:14
prion
prion
Information disclosure
2023-05-09 18:15:00
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
0.001
Percentile
48.5%
Related for NVD:CVE-2023-31474