Resource exhaustion in Gl-inet Gl-a1300
CVE-2023-31472
An issue was discovered on GL.iNet devices before 3.216. There is an arbitrary file write in which an empty file can be created anywhere on the filesystem. This is caused by a command injection vulnerability with a filter applied.
EPSS: 0.199 (97.1th percentile).
CVSS v3 metric
CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N.
Affected products
Weakness classification (CWE)
Frequently asked questions
- What is CVE-2023-31472?
  CVE-2023-31472 is a high-severity vulnerability in Gl-inet Gl-a1300, classified under Allocation of Resources Without Limits or Throttling. CVSS score: 7.5/10. Published 2023-05-09.
- How severe is CVE-2023-31472?
  High severity. CVSS v3 base score is 7.5 out of 10.