CVE-2023-31471
First published: Wed May 10 2023(Updated: )
An issue was discovered on GL.iNet devices before 3.216. Through the software installation feature, it is possible to install arbitrary software, such as a reverse shell, because the restrictions on the available package list are limited to client-side verification. It is possible to install software from the filesystem, the package list, or a URL.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GL.iNet GL-S20 Firmware | <3.216 | |
| GL.iNet GL-S20 | ||
| GL.iNet GL-X3000 Firmware | <3.216 | |
| GL.iNet GL-X3000 | ||
| GL.iNet GL-MT3000 Firmware | <3.216 | |
| GL.iNet GL-MT3000 | ||
| GL.iNet GL-MT2500 | <3.216 | |
| GL.iNet GL-MT2500 | ||
| GL.iNet GL-MT2500A | <3.216 | |
| GL.iNet GL-MT2500A Firmware | ||
| gl-inet gl-axt1800 | <3.216 | |
| GL.iNet GL-AX1800 | ||
| GL.iNet GL-A1300 Firmware | <3.216 | |
| GL.iNet GL-A1300 Firmware | ||
| Netgear Nighthawk AX1800 Firmware | <3.216 | |
| GL.iNet GL-AX1800 | ||
| GL.iNet SFT1200 firmware | <3.216 | |
| GL.iNet GL-SFT1200 | ||
| GL.iNet GL-MT1300 Firmware | <3.216 | |
| GL.iNet GL-MT1300 | ||
| GL.iNet GL-E750 | <3.216 | |
| GL.iNet GL-E750 | ||
| GL.iNet GL-MV1000 Firmware | <3.216 | |
| GL.iNet GL-MV1000 | ||
| gl-inet gl-mv1000 firmware | <3.216 | |
| GL.iNet GL-MV1000W | ||
| GL.iNet GL-S10 Firmware | <3.216 | |
| gl-inet gl-s10 firmware | ||
| GL.iNet GL-S200 | <3.216 | |
| GL.iNet GL-S200 Firmware | ||
| GL.iNet GL-S1300 Firmware | <3.216 | |
| GL.iNet GL-S1300 | ||
| GL.iNet GL-SF1200 | <3.216 | |
| GL.iNet GL-SF1200 | ||
| GL.iNet GL-B1300 Firmware | <3.216 | |
| GL.iNet GL-B1300 Firmware | ||
| GL.iNet GL-B2200 Firmware | <3.216 | |
| gl-inet gl-b2200 firmware | ||
| GL.iNet GL-AP1300LTE Firmware | <3.216 | |
| GL.iNet GL-AP1300 Firmware | ||
| GL.iNet GL-AP1300LTE Firmware | <3.216 | |
| GL.iNet GL-AP1300LTE Firmware | ||
| GL.Inet GL-X1200 Firmware | <3.216 | |
| GL.iNet GL-X1200 | ||
| GL.iNet GL-X750 Firmware | <3.216 | |
| gl-inet gl-x750 firmware | ||
| GL.iNet GL-X300B Firmware | <3.216 | |
| GL.iNet GL-X300B | ||
| gl.inet gl-xe300 firmware | <3.216 | |
| gl.inet gl-xe300 firmware | ||
| GL.iNet GL-AR750 Firmware | <3.216 | |
| GL.iNet GL-AR750 Firmware | ||
| GL.iNet GL-AR750 Firmware | <3.216 | |
| GL.iNet GL-AR750 Firmware | ||
| GL.iNet GL-MiFi Firmware | <3.216 | |
| GL.iNet GL-MiFi | ||
| GL.iNet GL-MT300N-V2 Firmware | <3.216 | |
| gl-inet gl-mt300n-v2 firmware | ||
| GL.iNet GL-AR300M Firmware | <3.216 | |
| GL.iNet GL-AR300M Firmware | ||
| GL.iNet GL-USB150 Firmware | <3.216 | |
| GL.iNet GL-USB150 Firmware | ||
| GL.iNet Microuter N300 | <3.216 | |
| GL.iNet Microuter N300 | ||
| All of | ||
| GL.iNet GL-S20 Firmware | <3.216 | |
| GL.iNet GL-S20 | ||
| All of | ||
| GL.iNet GL-X3000 Firmware | <3.216 | |
| GL.iNet GL-X3000 | ||
| All of | ||
| GL.iNet GL-MT3000 Firmware | <3.216 | |
| GL.iNet GL-MT3000 | ||
| All of | ||
| GL.iNet GL-MT2500 | <3.216 | |
| GL.iNet GL-MT2500 | ||
| All of | ||
| GL.iNet GL-MT2500A | <3.216 | |
| GL.iNet GL-MT2500A Firmware | ||
| All of | ||
| gl-inet gl-axt1800 | <3.216 | |
| GL.iNet GL-AX1800 | ||
| All of | ||
| GL.iNet GL-A1300 Firmware | <3.216 | |
| GL.iNet GL-A1300 Firmware | ||
| All of | ||
| Netgear Nighthawk AX1800 Firmware | <3.216 | |
| GL.iNet GL-AX1800 | ||
| All of | ||
| GL.iNet SFT1200 firmware | <3.216 | |
| GL.iNet GL-SFT1200 | ||
| All of | ||
| GL.iNet GL-MT1300 Firmware | <3.216 | |
| GL.iNet GL-MT1300 | ||
| All of | ||
| GL.iNet GL-E750 | <3.216 | |
| GL.iNet GL-E750 | ||
| All of | ||
| GL.iNet GL-MV1000 Firmware | <3.216 | |
| GL.iNet GL-MV1000 | ||
| All of | ||
| gl-inet gl-mv1000 firmware | <3.216 | |
| GL.iNet GL-MV1000W | ||
| All of | ||
| GL.iNet GL-S10 Firmware | <3.216 | |
| gl-inet gl-s10 firmware | ||
| All of | ||
| GL.iNet GL-S200 | <3.216 | |
| GL.iNet GL-S200 Firmware | ||
| All of | ||
| GL.iNet GL-S1300 Firmware | <3.216 | |
| GL.iNet GL-S1300 | ||
| All of | ||
| GL.iNet GL-SF1200 | <3.216 | |
| GL.iNet GL-SF1200 | ||
| All of | ||
| GL.iNet GL-B1300 Firmware | <3.216 | |
| GL.iNet GL-B1300 Firmware | ||
| All of | ||
| GL.iNet GL-B2200 Firmware | <3.216 | |
| gl-inet gl-b2200 firmware | ||
| All of | ||
| GL.iNet GL-AP1300LTE Firmware | <3.216 | |
| GL.iNet GL-AP1300 Firmware | ||
| All of | ||
| GL.iNet GL-AP1300LTE Firmware | <3.216 | |
| GL.iNet GL-AP1300LTE Firmware | ||
| All of | ||
| GL.Inet GL-X1200 Firmware | <3.216 | |
| GL.iNet GL-X1200 | ||
| All of | ||
| GL.iNet GL-X750 Firmware | <3.216 | |
| gl-inet gl-x750 firmware | ||
| All of | ||
| GL.iNet GL-X300B Firmware | <3.216 | |
| GL.iNet GL-X300B | ||
| All of | ||
| gl.inet gl-xe300 firmware | <3.216 | |
| gl.inet gl-xe300 firmware | ||
| All of | ||
| GL.iNet GL-AR750 Firmware | <3.216 | |
| GL.iNet GL-AR750 Firmware | ||
| All of | ||
| GL.iNet GL-AR750 Firmware | <3.216 | |
| GL.iNet GL-AR750 Firmware | ||
| All of | ||
| GL.iNet GL-MiFi Firmware | <3.216 | |
| GL.iNet GL-MiFi | ||
| All of | ||
| GL.iNet GL-MT300N-V2 Firmware | <3.216 | |
| gl-inet gl-mt300n-v2 firmware | ||
| All of | ||
| GL.iNet GL-AR300M Firmware | <3.216 | |
| GL.iNet GL-AR300M Firmware | ||
| All of | ||
| GL.iNet GL-USB150 Firmware | <3.216 | |
| GL.iNet GL-USB150 Firmware | ||
| All of | ||
| GL.iNet Microuter N300 | <3.216 | |
| GL.iNet Microuter N300 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2023-31471?
CVE-2023-31471 is classified as a critical vulnerability due to its ability to allow the installation of arbitrary software on GL.iNet devices.
How do I fix CVE-2023-31471?
To fix CVE-2023-31471, update your GL.iNet device firmware to version 3.216 or later, which patches the vulnerability.
Which devices are affected by CVE-2023-31471?
CVE-2023-31471 affects various GL.iNet devices running firmware versions prior to 3.216.
What kind of attack can CVE-2023-31471 enable?
CVE-2023-31471 can enable an attacker to install malicious software, such as a reverse shell, leading to potential remote code execution.
How does CVE-2023-31471 exploit device vulnerabilities?
CVE-2023-31471 exploits the limitations on the package list, which rely solely on client-side verification, allowing unauthorized software installations.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/first-publish-date
- agent/description
- agent/event
- agent/last-modified-date
- agent/author
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- vendor/gl-inet
- canonical/gl.inet gl-s20 firmware
- canonical/gl.inet gl-s20
- canonical/gl.inet gl-x3000 firmware
- canonical/gl.inet gl-x3000
- canonical/gl.inet gl-mt3000 firmware
- canonical/gl.inet gl-mt3000
- canonical/gl.inet gl-mt2500
- canonical/gl.inet gl-mt2500a
- canonical/gl.inet gl-mt2500a firmware
- canonical/gl-inet gl-axt1800
- canonical/gl.inet gl-ax1800
- canonical/gl.inet gl-a1300 firmware
- canonical/netgear nighthawk ax1800 firmware
- canonical/gl.inet sft1200 firmware
- canonical/gl.inet gl-sft1200
- canonical/gl.inet gl-mt1300 firmware
- canonical/gl.inet gl-mt1300
- canonical/gl.inet gl-e750
- canonical/gl.inet gl-mv1000 firmware
- canonical/gl.inet gl-mv1000
- canonical/gl-inet gl-mv1000 firmware
- canonical/gl.inet gl-mv1000w
- canonical/gl.inet gl-s10 firmware
- canonical/gl-inet gl-s10 firmware
- canonical/gl.inet gl-s200
- canonical/gl.inet gl-s200 firmware
- canonical/gl.inet gl-s1300 firmware
- canonical/gl.inet gl-s1300
- canonical/gl.inet gl-sf1200
- canonical/gl.inet gl-b1300 firmware
- canonical/gl.inet gl-b2200 firmware
- canonical/gl-inet gl-b2200 firmware
- canonical/gl.inet gl-ap1300lte firmware
- canonical/gl.inet gl-ap1300 firmware
- canonical/gl.inet gl-x1200 firmware
- canonical/gl.inet gl-x1200
- canonical/gl.inet gl-x750 firmware
- canonical/gl-inet gl-x750 firmware
- canonical/gl.inet gl-x300b firmware
- canonical/gl.inet gl-x300b
- canonical/gl.inet gl-xe300 firmware
- canonical/gl.inet gl-ar750 firmware
- canonical/gl.inet gl-mifi firmware
- canonical/gl.inet gl-mifi
- canonical/gl.inet gl-mt300n-v2 firmware
- canonical/gl-inet gl-mt300n-v2 firmware
- canonical/gl.inet gl-ar300m firmware
- canonical/gl.inet gl-usb150 firmware
- canonical/gl.inet microuter n300