Vulnerabilities > CVE-2023-31471 - Unspecified vulnerability in Gl-Inet products

047910
CVSS 9.8 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
gl-inet
critical

Summary

An issue was discovered on GL.iNet devices before 3.216. Through the software installation feature, it is possible to install arbitrary software, such as a reverse shell, because the restrictions on the available package list are limited to client-side verification. It is possible to install software from the filesystem, the package list, or a URL.

Vulnerable Configurations

Part Description Count
OS
Gl-Inet
64
Hardware
Gl-Inet
32