CVE-2023-31474
- Reference to the description:
- Description:
- An issue was discovered on GL.iNet devices before 3.216. Through the software installation feature, it is possible to inject arbitrary parameters in a request to cause opkg to obtain a list of files in a specific directory, by using the regex feature in a package name.
- Last updated date:
- 01/29/2025
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 05/16/2023
- Reference url to background
https://github.com/gl-inet/CVE-issues/blob/main/3.215/Directory_Listing.md