Vulnerability Description
An issue was discovered on GL.iNet devices before 3.216. An API endpoint reveals information about the Wi-Fi configuration, including the SSID and key.
CVSS Score
7.5
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gl-Inet | Gl-S20 Firmware | < 3.216 |
| Gl-Inet | Gl-S20 | - |
| Gl-Inet | Gl-X3000 Firmware | < 3.216 |
| Gl-Inet | Gl-X3000 | - |
| Gl-Inet | Gl-Mt3000 Firmware | < 3.216 |
| Gl-Inet | Gl-Mt3000 | - |
| Gl-Inet | Gl-Mt2500 Firmware | < 3.216 |
| Gl-Inet | Gl-Mt2500 | - |
| Gl-Inet | Gl-Mt2500A Firmware | < 3.216 |
| Gl-Inet | Gl-Mt2500A | - |
| Gl-Inet | Gl-Axt1800 Firmware | < 3.216 |
| Gl-Inet | Gl-Axt1800 | - |
| Gl-Inet | Gl-A1300 Firmware | < 3.216 |
| Gl-Inet | Gl-A1300 | - |
| Gl-Inet | Gl-Ax1800 Firmware | < 3.216 |
| Gl-Inet | Gl-Ax1800 | - |
| Gl-Inet | Gl-Sft1200 Firmware | < 3.216 |
| Gl-Inet | Gl-Sft1200 | - |
| Gl-Inet | Gl-Mt1300 Firmware | < 3.216 |
| Gl-Inet | Gl-Mt1300 | - |
References
- https://github.com/gl-inet/CVE-issues/blob/main/3.215/SSID_Key_Disclosure.mdExploitIssue TrackingThird Party Advisory
- https://www.gl-inet.comProduct
- https://github.com/gl-inet/CVE-issues/blob/main/3.215/SSID_Key_Disclosure.mdExploitIssue TrackingThird Party Advisory
- https://www.gl-inet.comProduct
FAQ
What is CVE-2023-31478?
CVE-2023-31478 is a vulnerability with a CVSS score of 7.5 (HIGH). An issue was discovered on GL.iNet devices before 3.216. An API endpoint reveals information about the Wi-Fi configuration, including the SSID and key.
How severe is CVE-2023-31478?
CVE-2023-31478 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-31478?
Check the references section above for vendor advisories and patch information. Affected products include: Gl-Inet Gl-S20 Firmware, Gl-Inet Gl-S20, Gl-Inet Gl-X3000 Firmware, Gl-Inet Gl-X3000, Gl-Inet Gl-Mt3000 Firmware.