Skip to main content

Ar300m16 Firmware CVE-2026-26792

CRITICAL
Command Injection (CWE-77)
2026-03-12 cve@mitre.org
9.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Analysis Generated
Mar 12, 2026 - 19:57 vuln.today
CVE Published
Mar 12, 2026 - 18:16 nvd
CRITICAL 9.8

DescriptionCVE.org

GL-iNet GL-AR300M16 v4.3.11 was discovered to contain multiple command injection vulnerabilities in the set_upgrade function via the modem_url, target_version, current_version, firmware_upload, hash_type, hash_value, and upgrade_type parameters. These vulnerabilities allow attackers to execute arbitrary commands via a crafted input.

AnalysisAI

GL-iNet GL-AR300M16 v4.3.11 has multiple command injection vulnerabilities in the set_upgrade function through seven different parameters. Each parameter provides an independent code execution vector on the router.

Technical ContextAI

The set_upgrade function concatenates multiple user-controlled parameters into system commands without sanitization (CWE-77). Seven separate parameters are vulnerable: modem_url, target_version, current_version, firmware_upload, hash_type, hash_value, and upgrade_type.

RemediationAI

Update to a patched firmware version. Block access to the management interface from WAN. Consider replacing the device if no patch is forthcoming.

CVE-2024-39227 CRITICAL POC
9.8 Aug 06

GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/

CVE-2024-39228 CRITICAL POC
9.8 Aug 06

GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/

CVE-2024-39226 CRITICAL POC
9.8 Aug 06

GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/

CVE-2024-39225 CRITICAL POC
9.8 Aug 06

GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/

CVE-2024-45262 HIGH POC
8.8 Oct 24

An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. Rated h

CVE-2024-45261 HIGH POC
8.0 Oct 24

An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. Rated h

CVE-2024-45260 HIGH POC
8.0 Oct 24

An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. Rated h

CVE-2024-27356 HIGH POC
7.5 Feb 27

An issue was discovered on certain GL-iNet devices. Rated high severity (CVSS 7.5), this vulnerability is remotely explo

CVE-2024-45259 MEDIUM POC
6.5 Oct 24

An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. Rated m

CVE-2026-26793 CRITICAL
9.8 Mar 12

GL-iNet GL-AR300M16 v4.3.11 has a command injection in the set_config function, adding to the growing list of injection

CVE-2026-26795 CRITICAL
9.8 Mar 12

GL-iNet GL-AR300M16 v4.3.11 contains another command injection vulnerability, this time via the module parameter in the

CVE-2026-26791 CRITICAL
9.8 Mar 12

GL-iNet GL-AR300M16 router (v4.3.11) is vulnerable to command injection through the string port parameter in the enable_

Share

CVE-2026-26792 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy