CVE-2023-31471 Information

Description

An issue was discovered on GL.iNet devices before 3.216. Through the software installation feature it is possible to install arbitrary software such as a reverse shell because the restrictions on the available package list are limited to client-side verification. It is possible to install software from the filesystem the package list or a URL.

Reference

https://www.gl-inet.com https://github.com/gl-inet/CVE-issues/blob/main/3.215/Abuse_of_Functionality_leads_to_RCE.md