Description
An issue was discovered on GL.iNet devices before 3.216. The function guci2_get() in libglutil.so has a buffer overflow: when an item is requested from a UCI context, its value is copied through a char pointer into a buffer without checking the size of that buffer.
References (3)
Core References
Exploit, Third Party Advisory: https://github.com/gl-inet/CVE-issues/blob/main/3.215/Buffer_Overflow.md
Vendor Advisory: https://www.gl-inet.com
Various Sources
https://justinapplegate.me/2023/glinet-CVE-2023-31475/
Scores
CVSS v3: 9.8
EPSS: 0.2581
EPSS Percentile: 96.3%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: total
Details
CWE: CWE-120
Status: published
Products (32)
gl-inet/gl-a1300_firmware < 3.216
gl-inet/gl-ap1300_firmware < 3.216
gl-inet/gl-ap1300lte_firmware < 3.216
gl-inet/gl-ar300m_firmware < 3.216
gl-inet/gl-ar750_firmware < 3.216
gl-inet/gl-ar750s_firmware < 3.216
gl-inet/gl-ax1800_firmware < 3.216
gl-inet/gl-axt1800_firmware < 3.216
gl-inet/gl-b1300_firmware < 3.216
gl-inet/gl-b2200_firmware < 3.216
... and 22 more
Published: May 11, 2023
Tracked Since: Feb 18, 2026