Vulnerability Details CVE-2023-31474
An issue was discovered on GL.iNet devices before 3.216. Through the software installation feature, it is possible to inject arbitrary parameters in a request to cause opkg to obtain a list of files in a specific directory, by using the regex feature in a package name.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 43.3%
CVSS Severity
CVSS v3 Score 7.5
References
Products affected by CVE-2023-31474
-
cpe:2.3:h:gl-inet:gl-a1300:-
-
cpe:2.3:h:gl-inet:gl-ap1300:-
-
cpe:2.3:h:gl-inet:gl-ap1300lte:-
-
cpe:2.3:h:gl-inet:gl-ar300m:-
-
cpe:2.3:h:gl-inet:gl-ar750:-
-
cpe:2.3:h:gl-inet:gl-ar750s:-
-
cpe:2.3:h:gl-inet:gl-ax1800:-
-
cpe:2.3:h:gl-inet:gl-axt1800:-
-
cpe:2.3:h:gl-inet:gl-b1300:-
-
cpe:2.3:h:gl-inet:gl-b2200:-
-
cpe:2.3:h:gl-inet:gl-e750:-
-
cpe:2.3:h:gl-inet:gl-mifi:-
-
cpe:2.3:h:gl-inet:gl-mt1300:-
-
cpe:2.3:h:gl-inet:gl-mt2500:-
-
cpe:2.3:h:gl-inet:gl-mt2500a:-
-
cpe:2.3:h:gl-inet:gl-mt3000:-
-
cpe:2.3:h:gl-inet:gl-mt300n-v2:-
-
cpe:2.3:h:gl-inet:gl-mv1000:-
-
cpe:2.3:h:gl-inet:gl-mv1000w:-
-
cpe:2.3:h:gl-inet:gl-s10:-
-
cpe:2.3:h:gl-inet:gl-s1300:-
-
cpe:2.3:h:gl-inet:gl-s200:-
-
cpe:2.3:h:gl-inet:gl-s20:-
-
cpe:2.3:h:gl-inet:gl-sf1200:-
-
cpe:2.3:h:gl-inet:gl-sft1200:-
-
cpe:2.3:h:gl-inet:gl-usb150:-
-
cpe:2.3:h:gl-inet:gl-x1200:-
-
cpe:2.3:h:gl-inet:gl-x3000:-
-
cpe:2.3:h:gl-inet:gl-x300b:-
-
cpe:2.3:h:gl-inet:gl-x750:-
-
cpe:2.3:h:gl-inet:gl-xe300:-
-
cpe:2.3:h:gl-inet:microuter-n300:-
-
cpe:2.3:o:gl-inet:gl-a1300_firmware:-
-
cpe:2.3:o:gl-inet:gl-ap1300_firmware:-
-
cpe:2.3:o:gl-inet:gl-ap1300lte_firmware:-
-
cpe:2.3:o:gl-inet:gl-ar300m_firmware:-
-
cpe:2.3:o:gl-inet:gl-ar300m_firmware:3.215
-
cpe:2.3:o:gl-inet:gl-ar750_firmware:-
-
cpe:2.3:o:gl-inet:gl-ar750_firmware:3.215
-
cpe:2.3:o:gl-inet:gl-ar750s_firmware:-
-
cpe:2.3:o:gl-inet:gl-ar750s_firmware:3.215
-
cpe:2.3:o:gl-inet:gl-ax1800_firmware:-
-
cpe:2.3:o:gl-inet:gl-ax1800_firmware:3.125
-
cpe:2.3:o:gl-inet:gl-ax1800_firmware:3.214
-
cpe:2.3:o:gl-inet:gl-ax1800_firmware:3.215
-
cpe:2.3:o:gl-inet:gl-axt1800_firmware:-
-
cpe:2.3:o:gl-inet:gl-axt1800_firmware:3.215
-
cpe:2.3:o:gl-inet:gl-b1300_firmware:-
-
cpe:2.3:o:gl-inet:gl-b1300_firmware:3.215
-
cpe:2.3:o:gl-inet:gl-b2200_firmware:-
-
cpe:2.3:o:gl-inet:gl-b2200_firmware:3.215
-
cpe:2.3:o:gl-inet:gl-e750_firmware:-
-
cpe:2.3:o:gl-inet:gl-e750_firmware:3.215
-
cpe:2.3:o:gl-inet:gl-mifi_firmware:-
-
cpe:2.3:o:gl-inet:gl-mifi_firmware:3.215
-
cpe:2.3:o:gl-inet:gl-mt1300_firmware:-
-
cpe:2.3:o:gl-inet:gl-mt1300_firmware:3.215
-
cpe:2.3:o:gl-inet:gl-mt2500_firmware:-
-
cpe:2.3:o:gl-inet:gl-mt2500_firmware:3.215
-
cpe:2.3:o:gl-inet:gl-mt2500a_firmware:-
-
cpe:2.3:o:gl-inet:gl-mt2500a_firmware:3.215
-
cpe:2.3:o:gl-inet:gl-mt3000_firmware:-
-
cpe:2.3:o:gl-inet:gl-mt3000_firmware:3.215
-
cpe:2.3:o:gl-inet:gl-mt300n-v2_firmware:-
-
cpe:2.3:o:gl-inet:gl-mt300n-v2_firmware:3.212
-
cpe:2.3:o:gl-inet:gl-mt300n-v2_firmware:3.215
-
cpe:2.3:o:gl-inet:gl-mv1000_firmware:-
-
cpe:2.3:o:gl-inet:gl-mv1000_firmware:3.215
-
cpe:2.3:o:gl-inet:gl-mv1000w_firmware:-
-
cpe:2.3:o:gl-inet:gl-mv1000w_firmware:3.215
-
cpe:2.3:o:gl-inet:gl-s10_firmware:-
-
cpe:2.3:o:gl-inet:gl-s10_firmware:3.215
-
cpe:2.3:o:gl-inet:gl-s1300_firmware:-
-
cpe:2.3:o:gl-inet:gl-s1300_firmware:3.215
-
cpe:2.3:o:gl-inet:gl-s200_firmware:-
-
cpe:2.3:o:gl-inet:gl-s200_firmware:3.215
-
cpe:2.3:o:gl-inet:gl-s20_firmware:-
-
cpe:2.3:o:gl-inet:gl-s20_firmware:3.215
-
cpe:2.3:o:gl-inet:gl-sf1200_firmware:-
-
cpe:2.3:o:gl-inet:gl-sf1200_firmware:3.215
-
cpe:2.3:o:gl-inet:gl-sft1200_firmware:-
-
cpe:2.3:o:gl-inet:gl-sft1200_firmware:3.215
-
cpe:2.3:o:gl-inet:gl-usb150_firmware:-
-
cpe:2.3:o:gl-inet:gl-usb150_firmware:3.215
-
cpe:2.3:o:gl-inet:gl-x1200_firmware:-
-
cpe:2.3:o:gl-inet:gl-x1200_firmware:3.215
-
cpe:2.3:o:gl-inet:gl-x3000_firmware:-
-
cpe:2.3:o:gl-inet:gl-x3000_firmware:3.215
-
cpe:2.3:o:gl-inet:gl-x300b_firmware:-
-
cpe:2.3:o:gl-inet:gl-x300b_firmware:3.215
-
cpe:2.3:o:gl-inet:gl-x750_firmware:-
-
cpe:2.3:o:gl-inet:gl-x750_firmware:3.215
-
cpe:2.3:o:gl-inet:gl-xe300_firmware:-
-
cpe:2.3:o:gl-inet:gl-xe300_firmware:3.215
-
cpe:2.3:o:gl-inet:microuter-n300_firmware:-
-
cpe:2.3:o:gl-inet:microuter-n300_firmware:3.215