Ar300m16 Firmware
CVE-2026-26794
HIGH
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a SQL injection vulnerability via the add_group() function. This vulnerability allows attackers to execute arbitrary SQL database operations via a crafted HTTP request.
AnalysisAI
SQL injection in GL-iNet GL-AR300M16 firmware v4.3.11 allows authenticated attackers to execute arbitrary database commands through the add_group() function via crafted HTTP requests. The vulnerability affects all installations of the affected firmware version and requires valid credentials to exploit. No patch is currently available to remediate this high-severity flaw.
Technical ContextAI
The GL-AR300M16 is a compact travel router running OpenWrt-based firmware, commonly used in small office and travel scenarios for creating secure network connections. The vulnerability manifests as a classic SQL injection (CWE-89) where user-supplied input in the add_group() function is not properly sanitized before being incorporated into SQL queries, allowing attackers to inject malicious SQL statements. This type of vulnerability typically occurs when dynamic SQL queries are constructed using string concatenation without proper input validation or parameterized queries, enabling attackers to manipulate the underlying database structure and data.
RemediationAI
The primary remediation is to update the GL-AR300M16 firmware to a version newer than 4.3.11 once GL-iNet releases a security patch addressing this SQL injection vulnerability. Until an official patch is available, organizations should implement compensating controls including restricting administrative access to trusted IP addresses only, enabling strong authentication mechanisms, monitoring for suspicious database queries or unauthorized group creation attempts, and considering placing affected devices behind additional security controls such as web application firewalls that can filter SQL injection attempts.
More in Ar300m16 Firmware
View allGL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/
GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/
GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/
GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/
An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. Rated h
An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. Rated h
An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. Rated h
An issue was discovered on certain GL-iNet devices. Rated high severity (CVSS 7.5), this vulnerability is remotely explo
An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. Rated m
GL-iNet GL-AR300M16 v4.3.11 has a command injection in the set_config function, adding to the growing list of injection
GL-iNet GL-AR300M16 v4.3.11 contains another command injection vulnerability, this time via the module parameter in the
GL-iNet GL-AR300M16 v4.3.11 has multiple command injection vulnerabilities in the set_upgrade function through seven dif
Same weakness CWE-89 – SQL Injection
View allShare
External POC / Exploit Code
Leaving vuln.today