CVE-2023-31476

Name of the Vulnerable Software and Affected Versions GL.iNet devices running firmware prior to 3.216

Description An issue allows for arbitrary file write, enabling the creation of an empty file almost anywhere on the filesystem, given that the filename and path are no more than 6 characters. The working directory for this issue is /www.

Recommendations For GL.iNet devices running firmware prior to 3.216, update to firmware version 3.216 or later to resolve the issue. As a temporary workaround, consider restricting write access to sensitive areas of the filesystem to minimize the risk of exploitation.