CVE-2023-31478
HIGH EXPLOITED NUCLEI
GL.iNet Firmware < 3.216 - Unauthenticated Wi-Fi Configuration Exposure via API Endpoint
Title source: llm
Exploitation Summary
CVE-2023-31478 has been observed exploited in the wild (reported by VulnCheck KEV). A Nuclei detection template is also available.
Description
An issue was discovered on GL.iNet devices before 3.216. An API endpoint reveals information about the Wi-Fi configuration, including the SSID and key.
Nuclei Templates (1)
GL.iNET SSID Key Disclosure
HIGH VERIFIED by DhiyaneshDK
Shodan:
title:"GL.iNet Admin Panel"
References (2)
Core 2
Core References
Exploit, Issue Tracking, Third Party Advisory
https://github.com/gl-inet/CVE-issues/blob/main/3.215/SSID_Key_Disclosure.md
Product
https://www.gl-inet.com
Scores
CVSS v3
7.5
EPSS
0.2970
EPSS Percentile
98.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
VulnCheck KEV
2025-03-31
Status
published
Products (32)
gl-inet/gl-a1300_firmware
< 3.216
gl-inet/gl-ap1300_firmware
< 3.216
gl-inet/gl-ap1300lte_firmware
< 3.216
gl-inet/gl-ar300m_firmware
< 3.216
gl-inet/gl-ar750_firmware
< 3.216
gl-inet/gl-ar750s_firmware
< 3.216
gl-inet/gl-ax1800_firmware
< 3.216
gl-inet/gl-axt1800_firmware
< 3.216
gl-inet/gl-b1300_firmware
< 3.216
gl-inet/gl-b2200_firmware
< 3.216
... and 22 more
Published
May 09, 2023
Tracked Since
Feb 18, 2026