CVE-2023-31473

MEDIUM

GL.iNet Firmware < 3.216 - Arbitrary File Write via opkg Configuration File Injection


Description

An issue was discovered on GL.iNet devices before 3.216. There is an arbitrary file write in which an empty file can be created anywhere on the filesystem. This is caused by a command injection vulnerability with a filter applied. Through the software installation feature, it is possible to inject arbitrary parameters in a request to cause opkg to read an arbitrary file name while using root privileges. The -f option can be used with a configuration file.

Scores

CVSS v3: 4.9
EPSS: 0.0387
EPSS Percentile: 88.9%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: partial

Details

CWE: CWE-77
Status: published
Products (32):
gl-inet/gl-a1300_firmware < 3.216
gl-inet/gl-ap1300_firmware < 3.216
gl-inet/gl-ap1300lte_firmware < 3.216
gl-inet/gl-ar300m_firmware < 3.216
gl-inet/gl-ar750_firmware < 3.216
gl-inet/gl-ar750s_firmware < 3.216
gl-inet/gl-ax1800_firmware < 3.216
gl-inet/gl-axt1800_firmware < 3.216
gl-inet/gl-b1300_firmware < 3.216
gl-inet/gl-b2200_firmware < 3.216
... and 22 more
Published: May 11, 2023
Tracked Since: Feb 18, 2026