Lucene search

[email protected]CVE-2023-31478

HistoryMay 09, 2023 - 11:15 p.m.

CVE-2023-31478

2023-05-0923:15:09

[email protected]

web.nvd.nist.gov

cve-2023-31478

gl.inet

information disclosure

wi-fi

api security

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.9 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

56.4%

JSON

An issue was discovered on GL.iNet devices before 3.216. An API endpoint reveals information about the Wi-Fi configuration, including the SSID and key.

Affected configurations

NVD

Node

gl-inetgl-s20_firmwareRange<3.216

AND

gl-inetgl-s20Match-

Node

gl-inetgl-x3000_firmwareRange<3.216

AND

gl-inetgl-x3000Match-

Node

gl-inetgl-mt3000_firmwareRange<3.216

AND

gl-inetgl-mt3000Match-

Node

gl-inetgl-mt2500_firmwareRange<3.216

AND

gl-inetgl-mt2500Match-

Node

gl-inetgl-mt2500a_firmwareRange<3.216

AND

gl-inetgl-mt2500aMatch-

Node

gl-inetgl-axt1800_firmwareRange<3.216

AND

gl-inetgl-axt1800Match-

Node

gl-inetgl-a1300_firmwareRange<3.216

AND

gl-inetgl-a1300Match-

Node

gl-inetgl-ax1800_firmwareRange<3.216

AND

gl-inetgl-ax1800Match-

Node

gl-inetgl-sft1200_firmwareRange<3.216

AND

gl-inetgl-sft1200Match-

Node

gl-inetgl-mt1300_firmwareRange<3.216

AND

gl-inetgl-mt1300Match-

Node

gl-inetgl-e750_firmwareRange<3.216

AND

gl-inetgl-e750Match-

Node

gl-inetgl-mv1000_firmwareRange<3.216

AND

gl-inetgl-mv1000Match-

Node

gl-inetgl-mv1000w_firmwareRange<3.216

AND

gl-inetgl-mv1000wMatch-

Node

gl-inetgl-s10_firmwareRange<3.216

AND

gl-inetgl-s10Match-

Node

gl-inetgl-s200_firmwareRange<3.216

AND

gl-inetgl-s200Match-

Node

gl-inetgl-s1300_firmwareRange<3.216

AND

gl-inetgl-s1300Match-

Node

gl-inetgl-sf1200_firmwareRange<3.216

AND

gl-inetgl-sf1200Match-

Node

gl-inetgl-b1300_firmwareRange<3.216

AND

gl-inetgl-b1300Match-

Node

gl-inetgl-b2200_firmwareRange<3.216

AND

gl-inetgl-b2200Match-

Node

gl-inetgl-ap1300_firmwareRange<3.216

AND

gl-inetgl-ap1300Match-

Node

gl-inetgl-ap1300lte_firmwareRange<3.216

AND

gl-inetgl-ap1300lteMatch-

Node

gl-inetgl-x1200_firmwareRange<3.216

AND

gl-inetgl-x1200Match-

Node

gl-inetgl-x750_firmwareRange<3.216

AND

gl-inetgl-x750Match-

Node

gl-inetgl-x300b_firmwareRange<3.216

AND

gl-inetgl-x300bMatch-

Node

gl-inetgl-xe300_firmwareRange<3.216

AND

gl-inetgl-xe300Match-

Node

gl-inetgl-ar750s_firmwareRange<3.216

AND

gl-inetgl-ar750sMatch-

Node

gl-inetgl-ar750_firmwareRange<3.216

AND

gl-inetgl-ar750Match-

Node

gl-inetgl-mifi_firmwareRange<3.216

AND

gl-inetgl-mifiMatch-

Node

gl-inetgl-mt300n-v2_firmwareRange<3.216

AND

gl-inetgl-mt300n-v2Match-

Node

gl-inetgl-ar300m_firmwareRange<3.216

AND

gl-inetgl-ar300mMatch-

Node

gl-inetgl-usb150_firmwareRange<3.216

AND

gl-inetgl-usb150Match-

Node

gl-inetmicrouter-n300_firmwareRange<3.216

AND

gl-inetmicrouter-n300Match-

CPENameOperatorVersion
gl-inet:gl-s20_firmwaregl-inet gl-s20 firmwarelt3.216

CPE	Name	Operator	Version
gl-inet:gl-s20_firmware	gl-inet gl-s20 firmware	lt	3.216

References

github.com/gl-inet/CVE-issues/blob/main/3.215/SSID_Key_Disclosure.md

www.gl-inet.com

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.9 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

56.4%

JSON

Related for CVE-2023-31478

prion1 cvelist1 nvd2 cve1 wallarmlab1