CVE-2023-31475

critical-risk

Published 2023-05-11

An issue was discovered on GL.iNet devices before 3.216. The function guci2_get() found in libglutil.so has a buffer overflow when an item is requested from a UCI context, and the value is pasted into a char pointer to a buffer without checking the size of the buffer.

Do I need to act?

25.8% chance of exploitation in next 30 days

EPSS score — higher than 74% of all CVEs

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 9.8/10 Critical

NETWORK / LOW complexity

Affected Products (20)

Gl-S20 Firmware

Gl-X3000 Firmware

Gl-Mt3000 Firmware

Gl-Mt2500 Firmware

Gl-Mt2500A Firmware

Gl-Axt1800 Firmware

Gl-A1300 Firmware

Gl-Ax1800 Firmware

Gl-Sft1200 Firmware

Gl-Mt1300 Firmware

Gl-E750 Firmware

Gl-Mv1000 Firmware

Gl-Mv1000W Firmware

Gl-S10 Firmware

Gl-S200 Firmware

Gl-S1300 Firmware

Gl-Sf1200 Firmware

Gl-B1300 Firmware

Gl-B2200 Firmware

Gl-Ap1300 Firmware

Affected Vendors

Gl-Inet

References (6)

Exploit https://github.com/gl-inet/CVE-issues/blob/main/3.215/Buffer_Overflow.md

https://justinapplegate.me/2023/glinet-CVE-2023-31475/

Vendor Advisory https://www.gl-inet.com

Exploit https://github.com/gl-inet/CVE-issues/blob/main/3.215/Buffer_Overflow.md

https://justinapplegate.me/2023/glinet-CVE-2023-31475/

Vendor Advisory https://www.gl-inet.com

/ 100

critical-risk

Severity 32/34 · Critical

Exploitability 15/34 · Moderate

Exposure 23/34 · High