← Voltar para CVEs
CVE-2023-31471
CRITICAL9.8
Descricao
An issue was discovered on GL.iNet devices before 3.216. Through the software installation feature, it is possible to install arbitrary software, such as a reverse shell, because the restrictions on the available package list are limited to client-side verification. It is possible to install software from the filesystem, the package list, or a URL.
Detalhes CVE
Pontuacao CVSS v3.19.8
SeveridadeCRITICAL
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado5/10/2023
Ultima modificacao1/27/2025
Fontenvd
Avistamentos honeypot0
Produtos afetados
gl-inet:gl-a1300gl-inet:gl-a1300_firmwaregl-inet:gl-ap1300gl-inet:gl-ap1300_firmwaregl-inet:gl-ap1300ltegl-inet:gl-ap1300lte_firmwaregl-inet:gl-ar300mgl-inet:gl-ar300m_firmwaregl-inet:gl-ar750gl-inet:gl-ar750_firmwaregl-inet:gl-ar750sgl-inet:gl-ar750s_firmwaregl-inet:gl-ax1800gl-inet:gl-ax1800_firmwaregl-inet:gl-axt1800gl-inet:gl-axt1800_firmwaregl-inet:gl-b1300gl-inet:gl-b1300_firmwaregl-inet:gl-b2200gl-inet:gl-b2200_firmwaregl-inet:gl-e750gl-inet:gl-e750_firmwaregl-inet:gl-mifigl-inet:gl-mifi_firmwaregl-inet:gl-mt1300gl-inet:gl-mt1300_firmwaregl-inet:gl-mt2500gl-inet:gl-mt2500_firmwaregl-inet:gl-mt2500agl-inet:gl-mt2500a_firmwaregl-inet:gl-mt3000gl-inet:gl-mt3000_firmwaregl-inet:gl-mt300n-v2gl-inet:gl-mt300n-v2_firmwaregl-inet:gl-mv1000gl-inet:gl-mv1000_firmwaregl-inet:gl-mv1000wgl-inet:gl-mv1000w_firmwaregl-inet:gl-s10gl-inet:gl-s10_firmwaregl-inet:gl-s1300gl-inet:gl-s1300_firmwaregl-inet:gl-s20gl-inet:gl-s200gl-inet:gl-s200_firmwaregl-inet:gl-s20_firmwaregl-inet:gl-sf1200gl-inet:gl-sf1200_firmwaregl-inet:gl-sft1200gl-inet:gl-sft1200_firmwaregl-inet:gl-usb150gl-inet:gl-usb150_firmwaregl-inet:gl-x1200gl-inet:gl-x1200_firmwaregl-inet:gl-x3000gl-inet:gl-x3000_firmwaregl-inet:gl-x300bgl-inet:gl-x300b_firmwaregl-inet:gl-x750gl-inet:gl-x750_firmwaregl-inet:gl-xe300gl-inet:gl-xe300_firmwaregl-inet:microuter-n300gl-inet:microuter-n300_firmware
Referencias
https://github.com/gl-inet/CVE-issues/blob/main/3.215/Abuse_of_Functionality_leads_to_RCE.md(cve@mitre.org)
https://www.gl-inet.com(cve@mitre.org)
https://github.com/gl-inet/CVE-issues/blob/main/3.215/Abuse_of_Functionality_leads_to_RCE.md(af854a3a-2127-422b-91ae-364da2661108)
https://www.gl-inet.com(af854a3a-2127-422b-91ae-364da2661108)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.