Lucene search

[email protected]NVD:CVE-2023-31475

HistoryMay 11, 2023 - 11:15 a.m.

CVE-2023-31475

2023-05-1111:15:09

CWE-120

[email protected]

web.nvd.nist.gov

gl.inet

buffer overflow

libglutil

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.7

Confidence

High

EPSS

0.002

Percentile

57.4%

JSON

An issue was discovered on GL.iNet devices before 3.216. The function guci2_get() found in libglutil.so has a buffer overflow when an item is requested from a UCI context, and the value is pasted into a char pointer to a buffer without checking the size of the buffer.

Affected configurations

Nvd

Node

gl-inetgl-s20_firmwareRange<3.216

AND

gl-inetgl-s20Match-

Node

gl-inetgl-x3000_firmwareRange<3.216

AND

gl-inetgl-x3000Match-

Node

gl-inetgl-mt3000_firmwareRange<3.216

AND

gl-inetgl-mt3000Match-

Node

gl-inetgl-mt2500_firmwareRange<3.216

AND

gl-inetgl-mt2500Match-

Node

gl-inetgl-mt2500a_firmwareRange<3.216

AND

gl-inetgl-mt2500aMatch-

Node

gl-inetgl-axt1800_firmwareRange<3.216

AND

gl-inetgl-axt1800Match-

Node

gl-inetgl-a1300_firmwareRange<3.216

AND

gl-inetgl-a1300Match-

Node

gl-inetgl-ax1800_firmwareRange<3.216

AND

gl-inetgl-ax1800Match-

Node

gl-inetgl-sft1200_firmwareRange<3.216

AND

gl-inetgl-sft1200Match-

Node

gl-inetgl-mt1300_firmwareRange<3.216

AND

gl-inetgl-mt1300Match-

Node

gl-inetgl-e750_firmwareRange<3.216

AND

gl-inetgl-e750Match-

Node

gl-inetgl-mv1000_firmwareRange<3.216

AND

gl-inetgl-mv1000Match-

Node

gl-inetgl-mv1000w_firmwareRange<3.216

AND

gl-inetgl-mv1000wMatch-

Node

gl-inetgl-s10_firmwareRange<3.216

AND

gl-inetgl-s10Match-

Node

gl-inetgl-s200_firmwareRange<3.216

AND

gl-inetgl-s200Match-

Node

gl-inetgl-s1300_firmwareRange<3.216

AND

gl-inetgl-s1300Match-

Node

gl-inetgl-sf1200_firmwareRange<3.216

AND

gl-inetgl-sf1200Match-

Node

gl-inetgl-b1300_firmwareRange<3.216

AND

gl-inetgl-b1300Match-

Node

gl-inetgl-b2200_firmwareRange<3.216

AND

gl-inetgl-b2200Match-

Node

gl-inetgl-ap1300_firmwareRange<3.216

AND

gl-inetgl-ap1300Match-

Node

gl-inetgl-ap1300lte_firmwareRange<3.216

AND

gl-inetgl-ap1300lteMatch-

Node

gl-inetgl-x1200_firmwareRange<3.216

AND

gl-inetgl-x1200Match-

Node

gl-inetgl-x750_firmwareRange<3.216

AND

gl-inetgl-x750Match-

Node

gl-inetgl-x300b_firmwareRange<3.216

AND

gl-inetgl-x300bMatch-

Node

gl-inetgl-xe300_firmwareRange<3.216

AND

gl-inetgl-xe300Match-

Node

gl-inetgl-ar750s_firmwareRange<3.216

AND

gl-inetgl-ar750sMatch-

Node

gl-inetgl-ar750_firmwareRange<3.216

AND

gl-inetgl-ar750Match-

Node

gl-inetgl-mifi_firmwareRange<3.216

AND

gl-inetgl-mifiMatch-

Node

gl-inetgl-mt300n-v2_firmwareRange<3.216

AND

gl-inetgl-mt300n-v2Match-

Node

gl-inetgl-ar300m_firmwareRange<3.216

AND

gl-inetgl-ar300mMatch-

Node

gl-inetgl-usb150_firmwareRange<3.216

AND

gl-inetgl-usb150Match-

Node

gl-inetmicrouter-n300_firmwareRange<3.216

AND

gl-inetmicrouter-n300Match-

References

github.com/gl-inet/CVE-issues/blob/main/3.215/Buffer_Overflow.md

justinapplegate.me/2023/glinet-CVE-2023-31475/

www.gl-inet.com

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.7

Confidence

High

EPSS

0.002

Percentile

57.4%

JSON

Related for NVD:CVE-2023-31475

cvelist1 cve2 prion1 nvd1