CVE-2023-31476
Published: 09 May 2023
Summary
CVE-2023-31476 is a high-severity Command Injection (CWE-77) vulnerability in GL.iNet GL-MV1000W firmware. Its CVSS base score is 7.5 (High).
Operationally, it ranks in the top 47.3% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-35781
Vulnerability details
An issue was discovered on GL.iNet devices running firmware before 3.216. There is an arbitrary file write in which an empty file can be created almost anywhere on the filesystem, as long as the filename and path is no more than 6 characters (the working directory is /www).
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.