CVE-2023-31475 (gl-a1300_firmware, gl-ap1300_firmware, gl-ap1300lte_firmware, gl-ar300m_firmware, gl-ar750_firmware, gl-ar750s_firmware, gl-ax1800_firmware, gl-axt1800_firmware, gl-b1300_firmware, gl-b2200_firmware, gl-e750_firmware, gl-mifi_firmware

An issue was discovered on GL.iNet devices before 3.216. The function guci2_get() found in libglutil.so has a buffer overflow when an item is requested from a UCI context, and the value is pasted into a char pointer to a buffer without checking the size of the buffer.

buffer buffer overflow char context cve devices function issue overflow size value