CVE-2023-31477
HIGHGL.iNet Firmware < 3.216 - Path Traversal via File Sharing Feature
Title source: llmDescription
A path traversal issue was discovered on GL.iNet devices before 3.216. Through the file sharing feature, it is possible to share an arbitrary directory, such as /tmp or /etc, because there is no server-side restriction to limit sharing to the USB path.
References (2)
Core 2
Core References
Exploit, Third Party Advisory
https://github.com/gl-inet/CVE-issues/blob/main/3.215/Path_Traversal.md
Vendor Advisory
https://www.gl-inet.com
Scores
CVSS v3
7.5
EPSS
0.0094
EPSS Percentile
56.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-22
Status
published
Products (32)
gl-inet/gl-a1300_firmware
< 3.216
gl-inet/gl-ap1300_firmware
< 3.216
gl-inet/gl-ap1300lte_firmware
< 3.216
gl-inet/gl-ar300m_firmware
< 3.216
gl-inet/gl-ar750_firmware
< 3.216
gl-inet/gl-ar750s_firmware
< 3.216
gl-inet/gl-ax1800_firmware
< 3.216
gl-inet/gl-axt1800_firmware
< 3.216
gl-inet/gl-b1300_firmware
< 3.216
gl-inet/gl-b2200_firmware
< 3.216
... and 22 more
Published
May 11, 2023
Tracked Since
Feb 18, 2026