CVE-2023-31477

Name of the Vulnerable Software and Affected Versions GL.iNet devices versions prior to 3.216

Description A path traversal issue was discovered, allowing the sharing of arbitrary directories, such as /tmp or /etc, through the file sharing feature due to the lack of server-side restrictions limiting sharing to the USB path.

Recommendations For versions prior to 3.216, update to version 3.216 or later to resolve the issue. As a temporary workaround, consider disabling the file sharing feature until a patch is available. Restrict access to sensitive directories to minimize the risk of exploitation.