PT-2023-23350 · Gl.Inet · Gl.Inet

Published: 2023-05-10 · Updated: 2025-01-27 · CVE-2023-31471

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

GL.iNet devices, versions prior to 3.216

Description

An issue was discovered that allows the installation of arbitrary software, such as a reverse shell, through the software installation feature. This is possible because the restrictions on the available package list are enforced only by client-side verification, so the device accepts software installation from the filesystem, the package list, or a URL.

Recommendations

For versions prior to 3.216, as a temporary workaround, consider disabling the software installation feature until a patch is available. Restrict access to the software installation module to minimize the risk of exploitation. Avoid using the software installation feature to install software from untrusted sources, such as arbitrary URLs or unverified packages, until the issue is resolved.
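
The description attributes the issue to package restrictions being checked only on the client. The following is an added example, not vendor code or part of the original advisory, showing the same restriction enforced on the server. The request shape `{"packages": [...]}`, the function names and the allowlist contents are assumptions made for illustration.

```python
import re

# Constructed allowlist: stands in for the package list the device itself serves.
ALLOWED_PACKAGES = frozenset({"example-vpn-client", "example-ddns", "example-adblock"})
NAME_RE = re.compile(r"[a-z0-9][a-z0-9+._-]{0,63}")
MAX_PACKAGES = 8


def classify_source(value: str) -> str:
    """Label what the client-supplied string actually refers to."""
    if "://" in value:
        return "url"
    if "/" in value or "\\" in value or value.startswith("."):
        return "path"
    return "name"


def validate_install_request(body: dict) -> tuple[bool, str]:
    """Server-side check of a parsed install request (hypothetical shape:
    {"packages": [...]}). Nothing the client already checked is trusted."""
    packages = body.get("packages")
    if not isinstance(packages, list) or not 0 < len(packages) <= MAX_PACKAGES:
        return False, "packages must be a non-empty list of bounded size"
    for item in packages:
        if not isinstance(item, str):
            return False, "package entry is not a string"
        source = classify_source(item)
        if source != "name":
            return False, f"{source} sources are not accepted"
        if not NAME_RE.fullmatch(item):
            return False, "malformed package name"
        if item not in ALLOWED_PACKAGES:
            return False, "package is not on the server-side list"
    return True, "ok"


# Constructed requests: one legitimate, three that a browser-only check would miss.
SAMPLE_REQUESTS = [
    {"packages": ["example-ddns"]},
    {"packages": ["http://198.51.100.7/pkg.bin"]},
    {"packages": ["/tmp/upload/pkg.bin"]},
    {"packages": ["example-ddns", "not-listed-tool"]},
]

if __name__ == "__main__":
    for req in SAMPLE_REQUESTS:
        print(req["packages"], "->", validate_install_request(req))
```

Logging each rejected request with its reason gives defenders a record of attempts to install from a URL, a filesystem path or an unlisted name.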

Related Identifiers

CVE-2023-31471

Affected Products

Gl.Inet