CVE-2023-31477

A path traversal issue was discovered on GL.iNet devices before 3.216. Through the file sharing feature, it is possible to share an arbitrary directory, such as /tmp or /etc, because there is no server-side restriction to limit sharing to the USB path.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:gl-inet:gl-s20_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:gl-s20:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:gl-inet:gl-x3000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:gl-x3000:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:gl-inet:gl-mt3000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:gl-mt3000:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:gl-inet:gl-mt2500_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:gl-mt2500:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:gl-inet:gl-mt2500a_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:gl-mt2500a:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:gl-inet:gl-axt1800_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:gl-axt1800:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:gl-inet:gl-a1300_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:gl-a1300:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:gl-inet:gl-ax1800_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:gl-ax1800:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:gl-inet:gl-sft1200_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:gl-sft1200:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:gl-inet:gl-mt1300_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:gl-mt1300:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:gl-inet:gl-e750_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:gl-e750:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:gl-inet:gl-mv1000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:gl-mv1000:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:gl-inet:gl-mv1000w_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:gl-mv1000w:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:gl-inet:gl-s10_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:gl-s10:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND
cpe:2.3:o:gl-inet:gl-s200_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:gl-s200:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND
cpe:2.3:o:gl-inet:gl-s1300_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:gl-s1300:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND
cpe:2.3:o:gl-inet:gl-sf1200_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:gl-sf1200:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND
cpe:2.3:o:gl-inet:gl-b1300_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:gl-b1300:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND
cpe:2.3:o:gl-inet:gl-b2200_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:gl-b2200:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND
cpe:2.3:o:gl-inet:gl-ap1300_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:gl-ap1300:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND
cpe:2.3:o:gl-inet:gl-ap1300lte_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:gl-ap1300lte:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND
cpe:2.3:o:gl-inet:gl-x1200_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:gl-x1200:-:*:*:*:*:*:*:*

Configuration 23 (hide)

AND
cpe:2.3:o:gl-inet:gl-x750_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:gl-x750:-:*:*:*:*:*:*:*

Configuration 24 (hide)

AND
cpe:2.3:o:gl-inet:gl-x300b_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:gl-x300b:-:*:*:*:*:*:*:*

Configuration 25 (hide)

AND
cpe:2.3:o:gl-inet:gl-xe300_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:gl-xe300:-:*:*:*:*:*:*:*

Configuration 26 (hide)

AND
cpe:2.3:o:gl-inet:gl-ar750s_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:gl-ar750s:-:*:*:*:*:*:*:*

Configuration 27 (hide)

AND
cpe:2.3:o:gl-inet:gl-ar750_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:gl-ar750:-:*:*:*:*:*:*:*

Configuration 28 (hide)

AND
cpe:2.3:o:gl-inet:gl-mifi_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:gl-mifi:-:*:*:*:*:*:*:*

Configuration 29 (hide)

AND
cpe:2.3:o:gl-inet:gl-mt300n-v2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:gl-mt300n-v2:-:*:*:*:*:*:*:*

Configuration 30 (hide)

AND
cpe:2.3:o:gl-inet:gl-ar300m_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:gl-ar300m:-:*:*:*:*:*:*:*

Configuration 31 (hide)

AND
cpe:2.3:o:gl-inet:gl-usb150_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:gl-usb150:-:*:*:*:*:*:*:*

Configuration 32 (hide)

AND
cpe:2.3:o:gl-inet:microuter-n300_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:microuter-n300:-:*:*:*:*:*:*:*

History

21 Nov 2024, 08:01

Type Values Removed Values Added
References () https://github.com/gl-inet/CVE-issues/blob/main/3.215/Path_Traversal.md - Exploit, Third Party Advisory () https://github.com/gl-inet/CVE-issues/blob/main/3.215/Path_Traversal.md - Exploit, Third Party Advisory
References () https://www.gl-inet.com - Vendor Advisory () https://www.gl-inet.com - Vendor Advisory

Information

Published : 2023-05-11 02:15

Updated : 2024-11-21 08:01


NVD link : CVE-2023-31477

Mitre link : CVE-2023-31477

CVE.ORG link : CVE-2023-31477


JSON object : View

Products Affected

gl-inet

  • gl-mt1300_firmware
  • gl-s20
  • gl-mt3000
  • gl-s1300
  • gl-x1200_firmware
  • gl-x1200
  • gl-e750_firmware
  • gl-mv1000
  • gl-ar300m
  • gl-mt2500a_firmware
  • gl-ap1300lte
  • gl-s10_firmware
  • microuter-n300
  • gl-x300b
  • gl-sf1200
  • gl-s200
  • gl-ar750s
  • gl-ar300m_firmware
  • gl-s1300_firmware
  • gl-x750_firmware
  • gl-x750
  • gl-mifi_firmware
  • gl-mt2500
  • gl-a1300_firmware
  • gl-usb150_firmware
  • gl-mt300n-v2_firmware
  • gl-sft1200
  • gl-ax1800_firmware
  • gl-x3000
  • gl-x300b_firmware
  • gl-a1300
  • gl-s200_firmware
  • gl-usb150
  • gl-b1300
  • gl-ap1300
  • microuter-n300_firmware
  • gl-ar750_firmware
  • gl-mt1300
  • gl-ax1800
  • gl-axt1800_firmware
  • gl-mv1000w
  • gl-ar750s_firmware
  • gl-b1300_firmware
  • gl-x3000_firmware
  • gl-s20_firmware
  • gl-mt2500_firmware
  • gl-mt2500a
  • gl-xe300
  • gl-ar750
  • gl-s10
  • gl-mt300n-v2
  • gl-e750
  • gl-b2200_firmware
  • gl-ap1300_firmware
  • gl-ap1300lte_firmware
  • gl-mt3000_firmware
  • gl-axt1800
  • gl-b2200
  • gl-mv1000w_firmware
  • gl-sf1200_firmware
  • gl-mv1000_firmware
  • gl-xe300_firmware
  • gl-mifi
  • gl-sft1200_firmware
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')