Vulnerabilities > CVE-2023-31474 - Unspecified vulnerability in Gl-Inet products

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
NONE
network
low complexity
gl-inet

Summary

An issue was discovered on GL.iNet devices before 3.216. Through the software installation feature, it is possible to inject arbitrary parameters in a request to cause opkg to obtain a list of files in a specific directory, by using the regex feature in a package name.

Vulnerable Configurations

Part Description Count
OS
Gl-Inet
64
Hardware
Gl-Inet
32