Security Advisories (Vulnerabilities and CVEs) May 18 2023

Dear all,

Here is a list of vulnerabilities and CVEs in GL.iNet software, including firmware products.

This does not include CVEs from OpenWrt.

This is an announcement rather than a discussion. To report security bugs, please send an email to support at glinet.biz. We have a 90-day policy for vulnerability disclosure.

CVE-2023-31471

  • Summary: Command Injection in network tools in router firmware allows arbitrary software to be installed
  • Affected software: Firmware 3.215 and earlier
  • Credit to: Simone Onofri, Donato Onofri, Luca Napolitano https://onofri.org
  • Attention: Users please upgrade firmware to 3.216 and newer

CVE-2023-31472

  • Summary: Command Injection in network tools in router firmware allows the creation of arbitrary files
  • Affected software: Firmware 3.215 and earlier
  • Credit to: Legoclones https://justinapplegate.me
  • Attention: Users please upgrade firmware to 3.216 and newer

CVE-2023-31473

  • Summary: Command Injection in network tools in router firmware allows arbitrary files to be read
  • Affected software: Firmware 3.215 and earlier
  • Credit to: Simone Onofri, Donato Onofri, Luca Napolitano https://onofri.org
  • Attention: Users please upgrade firmware to 3.216 and newer

CVE-2023-31474

  • Summary: Command Injection in network tools in router firmware allows browsing of any directory
  • Affected software: Firmware 3.215 and earlier
  • Credit to: Simone Onofri, Donato Onofri, Luca Napolitano https://onofri.org
  • Attention: Users please upgrade firmware to 3.216 and newer

CVE-2023-31475

  • Summary: Command Injection in network tools in router firmware causes buffer overflow
  • Affected software: Firmware 3.215 and earlier
  • Credit to: Legoclones https://justinapplegate.me
  • Attention: Users please upgrade firmware to 3.216 and newer

CVE-2023-31476

  • Summary: Command Injection in network tools in the MV1000 router firmware allows the creation of arbitrary files
  • Affected software: Firmware 3.215 and earlier
  • Credit to: Legoclones https://justinapplegate.me
  • Attention: Users please upgrade firmware to 3.216 and newer

CVE-2023-31477

  • Summary: Command Injection in network tools in router firmware allows sharing any directory
  • Affected software: Firmware 3.215 and earlier
  • Credit to: Simone Onofri, Donato Onofri, Luca Napolitano https://onofri.org
  • Attention: Users please upgrade firmware to 3.216 and newer

CVE-2023-31478

  • Summary: Command Injection in network tools in router firmware leaks the SSID Key
  • Affected software: Firmware 3.215 and earlier
  • Credit to: Legoclones https://justinapplegate.me
  • Attention: Users please upgrade firmware to 3.216 and newer