Skip to content
MEMORIAL DAY SAVINGS - UP TO 50% OFF
MEMORIAL DAY SAVINGS - UP TO 50% OFF
United States ($USD) / English
May 2023 Vulnerabilities and Bug Fix
May 17, 2023 by Tanya Lau

May 2023 Vulnerabilities and Bug Fix

GL.iNet has recently announced a list of fixed vulnerabilities and CVEs on its firmware and cloud products.

GL.iNet offers a range of features and tools for users, but it’s important to keep an eye on potential security threats to protect yourself and your data and to keep your firmware updated to the latest version. We strongly advise users who have encountered the issues below to upgrade their firmware to 3.216 and above.

If you come across any vulnerabilities or bugs with GL.iNet products, please feel free to report them by sending an email to support@glinet.biz. We have a 90-day policy for vulnerability disclosure, so you can rest assured that your concerns will be addressed in a timely manner.


  1. CVE-2023-31471
    • Summary: Command Injection in network tools in router firmware allows arbitrary software to be installed
    • Affected software: Firmware 3.215 and earlier
    • Attention: Users please upgrade firmware to 3.216 and above
    • Credits: Simone Onofri, Luca Napolitano

  1. CVE-2023-31472
    • Summary: Command Injection in network tools in router firmware allows the creation of arbitrary files
    • Affected software: Firmware 3.215 and earlier
    • Attention: Users please upgrade firmware to 3.216 and above
    • Credits: Legoclones

  1. CVE-2023-31473
    • Summary: Command Injection in network tools in router firmware allows arbitrary files to be read
    • Affected software: Firmware 3.215 and earlier
    • Attention: Users please upgrade firmware to 3.216 and above
    • Credits: Simone Onofri, Luca Napolitano

  1. CVE-2023-31474
    • Summary: Command Injection in network tools in router firmware allows browsing of any directory
    • Affected software: Firmware 3.215 and earlier
    • Attention: Users please upgrade firmware to 3.216 and above
    • Credits: Simone Onofri, Luca Napolitano

  1. CVE-2023-31475
    • Summary: Command Injection in network tools in router firmware causes a buffer overflow
    • Affected software: Firmware 3.215 and earlier
    • Attention: Users please upgrade firmware to 3.216 and above
    • Credits: Legoclones

  1. CVE-2023-31476
    • Summary: Command Injection in network tools in the MV1000 router firmware allows the creation of arbitrary files
    • Affected software: Firmware 3.215 and earlier
    • Attention: Users please upgrade firmware to 3.216 and above
    • Credits: Legoclones

  1. CVE-2023-31477
    • Summary: Command Injection in network tools in router firmware allows sharing any directory
    • Affected software: Firmware 3.215 and earlier
    • Attention: Users please upgrade firmware to 3.216 and above
    • Credits: Simone Onofri, Luca Napolitano

  1. CVE-2023-31478
    • Summary: Command Injection in network tools in router firmware leaks the SSID Key
    • Affected software: Firmware 3.215 and earlier
    • Attention: Users please upgrade firmware to 3.216 and above
    • Credits: Legoclones
Filed in: bugs, cve, GL-iNet, migrated, vulnerabilities
Previous article Announcing the GL.iNet and RemoteToHome Partnership

Compare products

{"one"=>"Select 2 or 3 items to compare", "other"=>"{{ count }} of 3 items selected"}

Select first item to compare

Select second item to compare

Select third item to compare

Compare