May 2023 Vulnerabilities and Bug Fix
GL.iNet has recently announced a list of fixed vulnerabilities and CVEs on its firmware and cloud products.
GL.iNet offers a range of features and tools for users, but it’s important to keep an eye on potential security threats to protect yourself and your data and to keep your firmware updated to the latest version. We strongly advise users who have encountered the issues below to upgrade their firmware to 3.216 and above.
If you come across any vulnerabilities or bugs with GL.iNet products, please feel free to report them by sending an email to support@glinet.biz. We have a 90-day policy for vulnerability disclosure, so you can rest assured that your concerns will be addressed in a timely manner.
- CVE-2023-31471
- Summary: Command Injection in network tools in router firmware allows arbitrary software to be installed
- Affected software: Firmware 3.215 and earlier
- Attention: Users please upgrade firmware to 3.216 and above
- Credits: Simone Onofri, Luca Napolitano
- CVE-2023-31472
- Summary: Command Injection in network tools in router firmware allows the creation of arbitrary files
- Affected software: Firmware 3.215 and earlier
- Attention: Users please upgrade firmware to 3.216 and above
- Credits: Legoclones
- CVE-2023-31473
- Summary: Command Injection in network tools in router firmware allows arbitrary files to be read
- Affected software: Firmware 3.215 and earlier
- Attention: Users please upgrade firmware to 3.216 and above
- Credits: Simone Onofri, Luca Napolitano
- CVE-2023-31474
- Summary: Command Injection in network tools in router firmware allows browsing of any directory
- Affected software: Firmware 3.215 and earlier
- Attention: Users please upgrade firmware to 3.216 and above
- Credits: Simone Onofri, Luca Napolitano
- CVE-2023-31475
- Summary: Command Injection in network tools in router firmware causes a buffer overflow
- Affected software: Firmware 3.215 and earlier
- Attention: Users please upgrade firmware to 3.216 and above
- Credits: Legoclones
- CVE-2023-31476
- Summary: Command Injection in network tools in the MV1000 router firmware allows the creation of arbitrary files
- Affected software: Firmware 3.215 and earlier
- Attention: Users please upgrade firmware to 3.216 and above
- Credits: Legoclones
- CVE-2023-31477
- Summary: Command Injection in network tools in router firmware allows sharing any directory
- Affected software: Firmware 3.215 and earlier
- Attention: Users please upgrade firmware to 3.216 and above
- Credits: Simone Onofri, Luca Napolitano
- CVE-2023-31478
- Summary: Command Injection in network tools in router firmware leaks the SSID Key
- Affected software: Firmware 3.215 and earlier
- Attention: Users please upgrade firmware to 3.216 and above
- Credits: Legoclones
About GL.iNet
GL.iNet builds network hardware and software solutions that bring affordable and secure network connectivity to families and businesses all over the world. We work with a wide range of industries, solving everyday internet problems in offices, and providing complex networking solutions such as smart buildings and IoT Networks. At GL.iNet, We believe all successful businesses build upon a strong and secure foundation, which is why our highest priority is perfecting network security and reliability for our partners.