CVE-2023-31475 - OpenCVE

An issue was discovered on GL.iNet devices before 3.216. The function guci2_get() found in libglutil.so has a buffer overflow when an item is requested from a UCI context, and the value is pasted into a char pointer to a buffer without checking the size of the buffer.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Gl-inet	Gl-e750 Gl-mt2500 Firmware Gl-s1300 Gl-mt3000 Gl-x300b Gl-ar750 Firmware Gl-mt2500a Firmware Gl-s10 Gl-b1300 Firmware Gl-sft1200 Firmware Gl-xe300 Firmware Gl-x1200 Firmware Gl-mv1000 Gl-mv1000w Firmware Gl-a1300 Firmware Gl-ap1300 Gl-s20 Firmware Gl-mt2500 Gl-mt300n-v2 Firmware Gl-mt3000 Firmware Gl-x3000 Gl-b1300 Gl-ar750s Firmware Gl-s200 Firmware Gl-mt2500a Gl-ap1300 Firmware Gl-ap1300lte Firmware Gl-mifi Microuter-n300 Firmware Gl-axt1800 Gl-s20 Microuter-n300 Gl-ar750 Gl-s1300 Firmware Gl-sf1200 Firmware Gl-ar300m Gl-x750 Firmware Gl-x300b Firmware Gl-mt1300 Firmware Gl-s10 Firmware Gl-a1300 Gl-ax1800 Firmware Gl-mv1000 Firmware Gl-b2200 Gl-ar750s Gl-sft1200 Gl-sf1200 Gl-usb150 Gl-e750 Firmware Gl-mt1300 Gl-ap1300lte Gl-x750 Gl-x1200 Gl-mv1000w Gl-mifi Firmware Gl-b2200 Firmware Gl-mt300n-v2 Gl-usb150 Firmware Gl-ar300m Firmware Gl-x3000 Firmware Gl-ax1800 Gl-xe300 Gl-axt1800 Firmware Gl-s200

Configuration 1 [-]

AND

cpe:2.3:o:gl-inet:gl-s20_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:gl-inet:gl-s20:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:gl-inet:gl-x3000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:gl-inet:gl-x3000:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:gl-inet:gl-mt3000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:gl-inet:gl-mt3000:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:gl-inet:gl-mt2500_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:gl-inet:gl-mt2500:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:gl-inet:gl-mt2500a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:gl-inet:gl-mt2500a:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:gl-inet:gl-axt1800_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:gl-inet:gl-axt1800:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:gl-inet:gl-a1300_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:gl-inet:gl-a1300:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:gl-inet:gl-ax1800_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:gl-inet:gl-ax1800:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:gl-inet:gl-sft1200_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:gl-inet:gl-sft1200:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:gl-inet:gl-mt1300_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:gl-inet:gl-mt1300:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:gl-inet:gl-e750_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:gl-inet:gl-e750:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:gl-inet:gl-mv1000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:gl-inet:gl-mv1000:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:gl-inet:gl-mv1000w_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:gl-inet:gl-mv1000w:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:gl-inet:gl-s10_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:gl-inet:gl-s10:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:gl-inet:gl-s200_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:gl-inet:gl-s200:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:gl-inet:gl-s1300_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:gl-inet:gl-s1300:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:gl-inet:gl-sf1200_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:gl-inet:gl-sf1200:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND

cpe:2.3:o:gl-inet:gl-b1300_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:gl-inet:gl-b1300:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND

cpe:2.3:o:gl-inet:gl-b2200_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:gl-inet:gl-b2200:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND

cpe:2.3:o:gl-inet:gl-ap1300_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:gl-inet:gl-ap1300:-:*:*:*:*:*:*:*

Configuration 21 [-]

AND

cpe:2.3:o:gl-inet:gl-ap1300lte_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:gl-inet:gl-ap1300lte:-:*:*:*:*:*:*:*

Configuration 22 [-]

AND

cpe:2.3:o:gl-inet:gl-x1200_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:gl-inet:gl-x1200:-:*:*:*:*:*:*:*

Configuration 23 [-]

AND

cpe:2.3:o:gl-inet:gl-x750_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:gl-inet:gl-x750:-:*:*:*:*:*:*:*

Configuration 24 [-]

AND

cpe:2.3:o:gl-inet:gl-x300b_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:gl-inet:gl-x300b:-:*:*:*:*:*:*:*

Configuration 25 [-]

AND

cpe:2.3:o:gl-inet:gl-xe300_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:gl-inet:gl-xe300:-:*:*:*:*:*:*:*

Configuration 26 [-]

AND

cpe:2.3:o:gl-inet:gl-ar750s_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:gl-inet:gl-ar750s:-:*:*:*:*:*:*:*

Configuration 27 [-]

AND

cpe:2.3:o:gl-inet:gl-ar750_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:gl-inet:gl-ar750:-:*:*:*:*:*:*:*

Configuration 28 [-]

AND

cpe:2.3:o:gl-inet:gl-mifi_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:gl-inet:gl-mifi:-:*:*:*:*:*:*:*

Configuration 29 [-]

AND

cpe:2.3:o:gl-inet:gl-mt300n-v2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:gl-inet:gl-mt300n-v2:-:*:*:*:*:*:*:*

Configuration 30 [-]

AND

cpe:2.3:o:gl-inet:gl-ar300m_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:gl-inet:gl-ar300m:-:*:*:*:*:*:*:*

Configuration 31 [-]

AND

cpe:2.3:o:gl-inet:gl-usb150_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:gl-inet:gl-usb150:-:*:*:*:*:*:*:*

Configuration 32 [-]

AND

cpe:2.3:o:gl-inet:microuter-n300_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:gl-inet:microuter-n300:-:*:*:*:*:*:*:*

References

Link	Resource
https://github.com/gl-inet/CVE-issues/blob/main/3.215/Buffer_Overflow.md	Exploit Third Party Advisory
https://justinapplegate.me/2023/glinet-CVE-2023-31475/
https://www.gl-inet.com	Vendor Advisory