CVE-2023-31474

Published: May 9, 2023Modified: Jan 29, 2025

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

An issue was discovered on GL.iNet devices before 3.216. Through the software installation feature, it is possible to inject arbitrary parameters in a request to cause opkg to obtain a list of files in a specific directory, by using the regex feature in a package name.

Affected (32)

Products: Gl Inet: Gl S20 Firmware, Gl X3000 Firmware, Gl Mt3000 Firmware, Gl Mt2500 Firmware, Gl Mt2500a Firmware, Gl Axt1800 Firmware, Gl A1300 Firmware, Gl Ax1800 Firmware, Gl Sft1200 Firmware, Gl Mt1300 Firmware, Gl E750 Firmware, Gl Mv1000 Firmware, Gl Mv1000w Firmware, Gl S10 Firmware, Gl S200 Firmware, Gl S1300 Firmware, Gl Sf1200 Firmware, Gl B1300 Firmware, Gl B2200 Firmware, Gl Ap1300 Firmware, Gl Ap1300lte Firmware, Gl X1200 Firmware, Gl X750 Firmware, Gl X300b Firmware, Gl Xe300 Firmware, Gl Ar750s Firmware, Gl Ar750 Firmware, Gl Mifi Firmware, Gl Mt300n V2 Firmware, Gl Ar300m Firmware, Gl Usb150 Firmware, Microuter N300 Firmware

32 products

Gl Ap1300lte Firmware

Gl Mt300n V2 Firmware

Gl Ar300m Firmware

Gl Usb150 Firmware

Microuter N300 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Gl Inet Gl S20 Firmware	Before 3.216

Running on/with	Platform Versions
Gl Inet Gl S20	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Gl Inet Gl X3000 Firmware	Before 3.216

Running on/with	Platform Versions
Gl Inet Gl X3000	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Gl Inet Gl Mt3000 Firmware	Before 3.216

Running on/with	Platform Versions
Gl Inet Gl Mt3000	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Gl Inet Gl Mt2500 Firmware	Before 3.216

Running on/with	Platform Versions
Gl Inet Gl Mt2500	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Gl Inet Gl Mt2500a Firmware	Before 3.216

Running on/with	Platform Versions
Gl Inet Gl Mt2500a	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Gl Inet Gl Axt1800 Firmware	Before 3.216

Running on/with	Platform Versions
Gl Inet Gl Axt1800	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Gl Inet Gl A1300 Firmware	Before 3.216

Running on/with	Platform Versions
Gl Inet Gl A1300	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Gl Inet Gl Ax1800 Firmware	Before 3.216

Running on/with	Platform Versions
Gl Inet Gl Ax1800	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Gl Inet Gl Sft1200 Firmware	Before 3.216

Running on/with	Platform Versions
Gl Inet Gl Sft1200	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Gl Inet Gl Mt1300 Firmware	Before 3.216

Running on/with	Platform Versions
Gl Inet Gl Mt1300	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Gl Inet Gl E750 Firmware	Before 3.216

Running on/with	Platform Versions
Gl Inet Gl E750	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Gl Inet Gl Mv1000 Firmware	Before 3.216

Running on/with	Platform Versions
Gl Inet Gl Mv1000	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Gl Inet Gl Mv1000w Firmware	Before 3.216

Running on/with	Platform Versions
Gl Inet Gl Mv1000w	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Gl Inet Gl S10 Firmware	Before 3.216

Running on/with	Platform Versions
Gl Inet Gl S10	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Gl Inet Gl S200 Firmware	Before 3.216

Running on/with	Platform Versions
Gl Inet Gl S200	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Gl Inet Gl S1300 Firmware	Before 3.216

Running on/with	Platform Versions
Gl Inet Gl S1300	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Gl Inet Gl Sf1200 Firmware	Before 3.216

Running on/with	Platform Versions
Gl Inet Gl Sf1200	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Gl Inet Gl B1300 Firmware	Before 3.216

Running on/with	Platform Versions
Gl Inet Gl B1300	All versions

Configuration S

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Gl Inet Gl B2200 Firmware	Before 3.216

Running on/with	Platform Versions
Gl Inet Gl B2200	All versions

Configuration T

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Gl Inet Gl Ap1300 Firmware	Before 3.216

Running on/with	Platform Versions
Gl Inet Gl Ap1300	All versions

Configuration U

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Gl Inet Gl Ap1300lte Firmware	Before 3.216

Running on/with	Platform Versions
Gl Inet Gl Ap1300lte	All versions

Configuration V

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Gl Inet Gl X1200 Firmware	Before 3.216

Running on/with	Platform Versions
Gl Inet Gl X1200	All versions

Configuration W

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Gl Inet Gl X750 Firmware	Before 3.216

Running on/with	Platform Versions
Gl Inet Gl X750	All versions

Configuration X

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Gl Inet Gl X300b Firmware	Before 3.216

Running on/with	Platform Versions
Gl Inet Gl X300b	All versions

Configuration Y

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Gl Inet Gl Xe300 Firmware	Before 3.216

Running on/with	Platform Versions
Gl Inet Gl Xe300	All versions

Configuration Z

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Gl Inet Gl Ar750s Firmware	Before 3.216

Running on/with	Platform Versions
Gl Inet Gl Ar750s	All versions

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Gl Inet Gl Ar750 Firmware	Before 3.216

Running on/with	Platform Versions
Gl Inet Gl Ar750	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Gl Inet Gl Mifi Firmware	Before 3.216

Running on/with	Platform Versions
Gl Inet Gl Mifi	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Gl Inet Gl Mt300n V2 Firmware	Before 3.216

Running on/with	Platform Versions
Gl Inet Gl Mt300n V2	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Gl Inet Gl Ar300m Firmware	Before 3.216

Running on/with	Platform Versions
Gl Inet Gl Ar300m	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Gl Inet Gl Usb150 Firmware	Before 3.216

Running on/with	Platform Versions
Gl Inet Gl Usb150	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Gl Inet Microuter N300 Firmware	Before 3.216

Running on/with	Platform Versions
Gl Inet Microuter N300	All versions

References (4)

https://github.com/gl-inet/CVE-issues/blob/main/3.215/Directory_Listing.md

Source: cve@mitre.org

Exploit

https://www.gl-inet.com

Source: cve@mitre.org

Vendor Advisory

https://github.com/gl-inet/CVE-issues/blob/main/3.215/Directory_Listing.md

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

https://www.gl-inet.com

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.