CVE-2023-31472

CVSS 7.5 HIGHEPSS 19.9%CWE-770

An issue was discovered on GL.iNet devices before 3.216. There is an arbitrary file write in which an empty file can be created anywhere on the filesystem. This is caused by a command injection vulnerability with a filter applied.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Affected products

n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/gl-inet/CVE-issues/blob/main/3.215/Arbitrary_File_Creation.md https://www.gl-inet.com