An issue was discovered on GL.iNet devices before 3.216. Through the software installation feature, it is possible to install arbitrary software, such as a reverse shell, because the restrictions on the available package list are limited to client-side verification. It is possible to install software from the filesystem, the package list, or a URL.

Metrics

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation poc

Automatable yes

Technical Impact total

Affected Vendors & Products

Vendors Products
Gl-inet
  • Gl-a1300
  • Gl-a1300 Firmware
  • Gl-ap1300
  • Gl-ap1300 Firmware
  • Gl-ap1300lte
  • Gl-ap1300lte Firmware
  • Gl-ar300m
  • Gl-ar300m Firmware
  • Gl-ar750
  • Gl-ar750 Firmware
  • Gl-ar750s
  • Gl-ar750s Firmware
  • Gl-ax1800
  • Gl-ax1800 Firmware
  • Gl-axt1800
  • Gl-axt1800 Firmware
  • Gl-b1300
  • Gl-b1300 Firmware
  • Gl-b2200
  • Gl-b2200 Firmware
  • Gl-e750
  • Gl-e750 Firmware
  • Gl-mifi
  • Gl-mifi Firmware
  • Gl-mt1300
  • Gl-mt1300 Firmware
  • Gl-mt2500
  • Gl-mt2500 Firmware
  • Gl-mt2500a
  • Gl-mt2500a Firmware
  • Gl-mt3000
  • Gl-mt3000 Firmware
  • Gl-mt300n-v2
  • Gl-mt300n-v2 Firmware
  • Gl-mv1000
  • Gl-mv1000 Firmware
  • Gl-mv1000w
  • Gl-mv1000w Firmware
  • Gl-s10
  • Gl-s10 Firmware
  • Gl-s1300
  • Gl-s1300 Firmware
  • Gl-s20
  • Gl-s200
  • Gl-s200 Firmware
  • Gl-s20 Firmware
  • Gl-sf1200
  • Gl-sf1200 Firmware
  • Gl-sft1200
  • Gl-sft1200 Firmware
  • Gl-usb150
  • Gl-usb150 Firmware
  • Gl-x1200
  • Gl-x1200 Firmware
  • Gl-x3000
  • Gl-x3000 Firmware
  • Gl-x300b
  • Gl-x300b Firmware
  • Gl-x750
  • Gl-x750 Firmware
  • Gl-xe300
  • Gl-xe300 Firmware
  • Microuter-n300
  • Microuter-n300 Firmware

Configuration 1 [-]

AND
cpe:2.3:o:gl-inet:gl-s20_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:gl-s20:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND
cpe:2.3:o:gl-inet:gl-x3000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:gl-x3000:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND
cpe:2.3:o:gl-inet:gl-mt3000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:gl-mt3000:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND
cpe:2.3:o:gl-inet:gl-mt2500_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:gl-mt2500:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND
cpe:2.3:o:gl-inet:gl-mt2500a_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:gl-mt2500a:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND
cpe:2.3:o:gl-inet:gl-axt1800_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:gl-axt1800:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND
cpe:2.3:o:gl-inet:gl-a1300_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:gl-a1300:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND
cpe:2.3:o:gl-inet:gl-ax1800_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:gl-ax1800:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND
cpe:2.3:o:gl-inet:gl-sft1200_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:gl-sft1200:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND
cpe:2.3:o:gl-inet:gl-mt1300_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:gl-mt1300:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND
cpe:2.3:o:gl-inet:gl-e750_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:gl-e750:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND
cpe:2.3:o:gl-inet:gl-mv1000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:gl-mv1000:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND
cpe:2.3:o:gl-inet:gl-mv1000w_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:gl-mv1000w:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND
cpe:2.3:o:gl-inet:gl-s10_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:gl-s10:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND
cpe:2.3:o:gl-inet:gl-s200_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:gl-s200:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND
cpe:2.3:o:gl-inet:gl-s1300_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:gl-s1300:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND
cpe:2.3:o:gl-inet:gl-sf1200_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:gl-sf1200:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND
cpe:2.3:o:gl-inet:gl-b1300_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:gl-b1300:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND
cpe:2.3:o:gl-inet:gl-b2200_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:gl-b2200:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND
cpe:2.3:o:gl-inet:gl-ap1300_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:gl-ap1300:-:*:*:*:*:*:*:*

Configuration 21 [-]

AND
cpe:2.3:o:gl-inet:gl-ap1300lte_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:gl-ap1300lte:-:*:*:*:*:*:*:*

Configuration 22 [-]

AND
cpe:2.3:o:gl-inet:gl-x1200_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:gl-x1200:-:*:*:*:*:*:*:*

Configuration 23 [-]

AND
cpe:2.3:o:gl-inet:gl-x750_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:gl-x750:-:*:*:*:*:*:*:*

Configuration 24 [-]

AND
cpe:2.3:o:gl-inet:gl-x300b_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:gl-x300b:-:*:*:*:*:*:*:*

Configuration 25 [-]

AND
cpe:2.3:o:gl-inet:gl-xe300_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:gl-xe300:-:*:*:*:*:*:*:*

Configuration 26 [-]

AND
cpe:2.3:o:gl-inet:gl-ar750s_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:gl-ar750s:-:*:*:*:*:*:*:*

Configuration 27 [-]

AND
cpe:2.3:o:gl-inet:gl-ar750_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:gl-ar750:-:*:*:*:*:*:*:*

Configuration 28 [-]

AND
cpe:2.3:o:gl-inet:gl-mifi_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:gl-mifi:-:*:*:*:*:*:*:*

Configuration 29 [-]

AND
cpe:2.3:o:gl-inet:gl-mt300n-v2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:gl-mt300n-v2:-:*:*:*:*:*:*:*

Configuration 30 [-]

AND
cpe:2.3:o:gl-inet:gl-ar300m_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:gl-ar300m:-:*:*:*:*:*:*:*

Configuration 31 [-]

AND
cpe:2.3:o:gl-inet:gl-usb150_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:gl-usb150:-:*:*:*:*:*:*:*

Configuration 32 [-]

AND
cpe:2.3:o:gl-inet:microuter-n300_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:microuter-n300:-:*:*:*:*:*:*:*

No data.

References
Link Providers
https://github.com/gl-inet/CVE-issues/blob/main/3.215/Abuse_of_Functionality_leads_to_RCE.md cve-icon cve-icon
https://www.gl-inet.com cve-icon cve-icon
History

Mon, 27 Jan 2025 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2025-01-27T19:26:40.342Z

Reserved: 2023-04-28T00:00:00.000Z

Link: CVE-2023-31471

cve-icon Vulnrichment

Updated: 2024-08-02T14:53:31.075Z

cve-icon NVD

Status : Modified

Published: 2023-05-10T15:15:10.017

Modified: 2025-01-27T20:15:31.320

Link: CVE-2023-31471

cve-icon Redhat

No data.