CVE-2023-31475

Name of the Vulnerable Software and Affected Versions GL.iNet devices versions prior to 3.216

Description An issue was discovered where the function guci2 get() found in libglutil.so has a buffer overflow. This occurs when an item is requested from a UCI context and the value is pasted into a char pointer to a buffer without checking the size of the buffer.

Recommendations For versions prior to 3.216, update to version 3.216 or later to resolve the issue. As a temporary workaround, consider restricting access to the guci2 get() function until a patch is available.