CVE-2023-31472

CVSS 7.5 HIGHEPSS 19.9%CWE-770

An issue was discovered on GL.iNet devices before 3.216. There is an arbitrary file write in which an empty file can be created anywhere on the filesystem. This is caused by a command injection vulnerability with a filter applied.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Productos afectados

n/a · n/a

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://github.com/gl-inet/CVE-issues/blob/main/3.215/Arbitrary_File_Creation.md https://www.gl-inet.com