Resource exhaustion in Gl-inet Gl-a1300

CVE-2023-31472

An issue was discovered on GL.iNet devices before 3.216. There is an arbitrary file write in which an empty file can be created anywhere on the filesystem. This is caused by a command injection vulnerability with a filter applied.

EPSS: 0.199 (97.1th percentile).

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N.

Frequently asked questions

What is CVE-2023-31472?

CVE-2023-31472 is a high-severity vulnerability in Gl-inet Gl-a1300, classified under Allocation of Resources Without Limits or Throttling. CVSS score: 7.5/10. Published 2023-05-09.

How severe is CVE-2023-31472?

High severity. CVSS v3 base score is 7.5 out of 10.