CVE-2023-31473
- Reference to the description:
- Description:
- An issue was discovered on GL.iNet devices before 3.216. There is an arbitrary file write in which an empty file can be created anywhere on the filesystem. This is caused by a command injection vulnerability with a filter applied. Through the software installation feature, it is possible to inject arbitrary parameters in a request to cause opkg to read an arbitrary file name while using root privileges. The -f option can be used with a configuration file.
- Last updated date:
- 05/22/2023
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 05/22/2023
- Reference url to background
https://github.com/gl-inet/CVE-issues/blob/main/3.215/Arbitrary_File_Read.md