RCE in Gl-inet Gl-a1300
CVE-2023-31473
An issue was discovered on GL.iNet devices before 3.216. There is an arbitrary file write in which an empty file can be created anywhere on the filesystem. This is caused by a command injection vulnerability with a filter applied. Through…
Vulnerability class: Command Injection (OS Command Injection)
EPSS: 0.039 (88.9th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 4.9 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N.
Affected products
Weakness classification (CWE)
References
- cve@mitre.org (Vendor Advisory)
- cve@mitre.org (Exploit, Third Party Advisory)
Frequently asked questions
- What is CVE-2023-31473?
- CVE-2023-31473 is a medium-severity vulnerability in Gl-inet Gl-a1300, classified under Command Injection. CVSS score: 4.9/10. Published 2023-05-11.
- How severe is CVE-2023-31473?
- Medium severity. CVSS v3 base score is 4.9 out of 10.