CVE-2023-31472
HIGH
GL.iNet Firmware < 3.216 - Unauthenticated Arbitrary File Write via Command Injection
Title source: llm
Description
An issue was discovered on GL.iNet devices before 3.216. There is an arbitrary file write in which an empty file can be created anywhere on the filesystem. This is caused by a command injection vulnerability with a filter applied.
References (2)
Core 2
Core References
Exploit, Vendor Advisory
https://github.com/gl-inet/CVE-issues/blob/main/3.215/Arbitrary_File_Creation.md
Vendor Advisory
https://www.gl-inet.com
Scores
CVSS v3
7.5
EPSS
0.1988
EPSS Percentile
97.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
total
Details
CWE
CWE-770
Status
published
Products (32)
gl-inet/gl-a1300_firmware
< 3.216
gl-inet/gl-ap1300_firmware
< 3.216
gl-inet/gl-ap1300lte_firmware
< 3.216
gl-inet/gl-ar300m_firmware
< 3.216
gl-inet/gl-ar750_firmware
< 3.216
gl-inet/gl-ar750s_firmware
< 3.216
gl-inet/gl-ax1800_firmware
< 3.216
gl-inet/gl-axt1800_firmware
< 3.216
gl-inet/gl-b1300_firmware
< 3.216
gl-inet/gl-b2200_firmware
< 3.216
... and 22 more
Published
May 09, 2023
Tracked Since
Feb 18, 2026