RCE in Gl-inet Gl-a1300

CVE-2023-31473

An issue was discovered on GL.iNet devices before 3.216. There is an arbitrary file write in which an empty file can be created anywhere on the filesystem. This is caused by a command injection vulnerability with a filter applied. Through…

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.039 (88.9th percentile).

CVSS v3 metric

CVSS v3 base score 4.9 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N.

Frequently asked questions

What is CVE-2023-31473?
CVE-2023-31473 is a medium-severity vulnerability in Gl-inet Gl-a1300, classified under Command Injection. CVSS score: 4.9/10. Published 2023-05-11.

How severe is CVE-2023-31473?
Medium severity. CVSS v3 base score is 4.9 out of 10.