CVE-2023-31476

An issue was discovered on GL.iNet devices running firmware before 3.216. There is an arbitrary file write in which an empty file can be created almost anywhere on the filesystem, as long as the filename and path is no more than 6 characters (the working directory is /www).

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/gl-inet/CVE-issues/blob/main/3.215/GL-MV1000_Arbitrary_File_Creation.md	Exploit Third Party Advisory
https://www.gl-inet.com	Product

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:gl-inet:gl-mv1000w_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:gl-inet:gl-mv1000w:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:gl-inet:gl-mv1000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:gl-inet:gl-mv1000:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2023-05-09 16:15

Updated : 2023-05-16 19:42

NVD link : CVE-2023-31476

Mitre link : CVE-2023-31476

CVE.ORG link : CVE-2023-31476

JSON object : View

Products Affected

gl-inet

gl-mv1000_firmware
gl-mv1000w_firmware
gl-mv1000
gl-mv1000w

CWE

CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

{"id": "CVE-2023-31476", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2023-05-09T16:15:14.680", "references": [{"url": "https://github.com/gl-inet/CVE-issues/blob/main/3.215/GL-MV1000_Arbitrary_File_Creation.md", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.gl-inet.com", "tags": ["Product"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-77"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered on GL.iNet devices running firmware before 3.216. There is an arbitrary file write in which an empty file can be created almost anywhere on the filesystem, as long as the filename and path is no more than 6 characters (the working directory is /www)."}], "lastModified": "2023-05-16T19:42:55.567", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:gl-inet:gl-mv1000w_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "845DCF61-323A-4321-9B53-F302354BD686", "versionEndIncluding": "3.215"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:gl-inet:gl-mv1000w:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E736B698-B40F-490C-A994-E3F89EBD764F"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:gl-inet:gl-mv1000_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5D25F2C3-715B-4D4C-92DD-365808CCE2AA", "versionEndIncluding": "3.215"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:gl-inet:gl-mv1000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "64F0FB60-564D-492A-BF60-AEE3FDD33CEA"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}