Path Traversal Vulnerability in GL.iNet Devices

Path Traversal Vulnerability in GL.iNet Devices

CVE-2023-31477 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

A path traversal issue was discovered on GL.iNet devices before 3.216. Through the file sharing feature, it is possible to share an arbitrary directory, such as /tmp or /etc, because there is no server-side restriction to limit sharing to the USB path.

Learn more about our Cis Benchmark Audit For Server Software.