cvedb.io
CVE-2023-31476
HIGH · CVSS 7.5
EPSS exploitation probability: 0%
Published 2023-05-09T16:15:14.680 · Last modified 2026-06-17T05:57:04.107

Summary

An issue was discovered on GL.iNet devices running firmware before 3.216. There is an arbitrary file write in which an empty file can be created almost anywhere on the filesystem, as long as the filename and path is no more than 6 characters (the working directory is /www).

Affected products

gl-inet — gl-mv1000w_firmware

Does this affect you?

Add your gear to cvedb and we'll alert you only when gl-inet ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.