← Zuruck zu CVEs
CVE-2023-31475
CRITICAL9.8
Beschreibung
An issue was discovered on GL.iNet devices before 3.216. The function guci2_get() found in libglutil.so has a buffer overflow when an item is requested from a UCI context, and the value is pasted into a char pointer to a buffer without checking the size of the buffer.
CVE Details
CVSS v3.1 Bewertung9.8
SchweregradCRITICAL
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienNONE
BenutzerinteraktionNONE
Veroffentlicht5/11/2023
Zuletzt geandert1/27/2025
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
gl-inet:gl-a1300gl-inet:gl-a1300_firmwaregl-inet:gl-ap1300gl-inet:gl-ap1300_firmwaregl-inet:gl-ap1300ltegl-inet:gl-ap1300lte_firmwaregl-inet:gl-ar300mgl-inet:gl-ar300m_firmwaregl-inet:gl-ar750gl-inet:gl-ar750_firmwaregl-inet:gl-ar750sgl-inet:gl-ar750s_firmwaregl-inet:gl-ax1800gl-inet:gl-ax1800_firmwaregl-inet:gl-axt1800gl-inet:gl-axt1800_firmwaregl-inet:gl-b1300gl-inet:gl-b1300_firmwaregl-inet:gl-b2200gl-inet:gl-b2200_firmwaregl-inet:gl-e750gl-inet:gl-e750_firmwaregl-inet:gl-mifigl-inet:gl-mifi_firmwaregl-inet:gl-mt1300gl-inet:gl-mt1300_firmwaregl-inet:gl-mt2500gl-inet:gl-mt2500_firmwaregl-inet:gl-mt2500agl-inet:gl-mt2500a_firmwaregl-inet:gl-mt3000gl-inet:gl-mt3000_firmwaregl-inet:gl-mt300n-v2gl-inet:gl-mt300n-v2_firmwaregl-inet:gl-mv1000gl-inet:gl-mv1000_firmwaregl-inet:gl-mv1000wgl-inet:gl-mv1000w_firmwaregl-inet:gl-s10gl-inet:gl-s10_firmwaregl-inet:gl-s1300gl-inet:gl-s1300_firmwaregl-inet:gl-s20gl-inet:gl-s200gl-inet:gl-s200_firmwaregl-inet:gl-s20_firmwaregl-inet:gl-sf1200gl-inet:gl-sf1200_firmwaregl-inet:gl-sft1200gl-inet:gl-sft1200_firmwaregl-inet:gl-usb150gl-inet:gl-usb150_firmwaregl-inet:gl-x1200gl-inet:gl-x1200_firmwaregl-inet:gl-x3000gl-inet:gl-x3000_firmwaregl-inet:gl-x300bgl-inet:gl-x300b_firmwaregl-inet:gl-x750gl-inet:gl-x750_firmwaregl-inet:gl-xe300gl-inet:gl-xe300_firmwaregl-inet:microuter-n300gl-inet:microuter-n300_firmware
Schwachen (CWE)
CWE-120CWE-120
Referenzen
https://justinapplegate.me/2023/glinet-CVE-2023-31475/(cve@mitre.org)
https://www.gl-inet.com(cve@mitre.org)
https://github.com/gl-inet/CVE-issues/blob/main/3.215/Buffer_Overflow.md(af854a3a-2127-422b-91ae-364da2661108)
https://justinapplegate.me/2023/glinet-CVE-2023-31475/(af854a3a-2127-422b-91ae-364da2661108)
https://www.gl-inet.com(af854a3a-2127-422b-91ae-364da2661108)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.