Unrated severityNVD Advisory· Published May 11, 2023· Updated Jan 27, 2025

CVE-2023-31473

Description

An issue was discovered on GL.iNet devices before 3.216. There is an arbitrary file write in which an empty file can be created anywhere on the filesystem. This is caused by a command injection vulnerability with a filter applied. Through the software installation feature, it is possible to inject arbitrary parameters in a request to cause opkg to read an arbitrary file name while using root privileges. The -f option can be used with a configuration file.

Affected products

Gl Inet/GL-iNet devicescpe-rescue

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/gl-inet/CVE-issues/blob/main/3.215/Arbitrary_File_Read.mdmitre
www.gl-inet.commitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000