Skip to main content

Ar300m16 Firmware

17 CVEs product

Monthly

CVE-2026-26793 CRITICAL Act Now

GL-iNet GL-AR300M16 v4.3.11 has a command injection in the set_config function, adding to the growing list of injection vulnerabilities in this device. This is the fourth distinct command injection CVE for this router model.

Command Injection Ar300m16 Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.2%
CVE-2026-26795 CRITICAL Act Now

GL-iNet GL-AR300M16 v4.3.11 contains another command injection vulnerability, this time via the module parameter in the M.get_system_log function. Part of a series of command injection flaws in this router model.

Command Injection Ar300m16 Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.2%
CVE-2026-26794 HIGH This Week

SQL injection in GL-iNet GL-AR300M16 firmware v4.3.11 allows authenticated attackers to execute arbitrary database commands through the add_group() function via crafted HTTP requests. The vulnerability affects all installations of the affected firmware version and requires valid credentials to exploit. No patch is currently available to remediate this high-severity flaw.

SQLi Ar300m16 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-26792 CRITICAL Act Now

GL-iNet GL-AR300M16 v4.3.11 has multiple command injection vulnerabilities in the set_upgrade function through seven different parameters. Each parameter provides an independent code execution vector on the router.

Command Injection Ar300m16 Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.2%
CVE-2026-26791 CRITICAL Act Now

GL-iNet GL-AR300M16 router (v4.3.11) is vulnerable to command injection through the string port parameter in the enable_echo_server function. Unauthenticated attackers can execute arbitrary commands on the router.

Command Injection Ar300m16 Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.2%
CVE-2024-45263 HIGH This Week

An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

File Upload Mt6000 Firmware Mt3000 Firmware Mt2500 Firmware Axt1800 Firmware +17
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-45262 HIGH POC This Week

An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Mt2500 Firmware Axt1800 Firmware Ax1800 Firmware B3000 Firmware +17
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-45261 HIGH POC This Week

An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Mt2500 Firmware Axt1800 Firmware Ax1800 Firmware B3000 Firmware +17
NVD GitHub
CVSS 3.1
8.0
EPSS
0.5%
CVE-2024-45260 HIGH POC This Week

An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Mt6000 Firmware B1300 Firmware Mt2500 Firmware Axt1800 Firmware +17
NVD GitHub
CVSS 3.1
8.0
EPSS
3.9%
CVE-2024-45259 MEDIUM POC This Month

An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Mt3000 Firmware Mt2500 Firmware Axt1800 Firmware Ax1800 Firmware +17
NVD GitHub
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-28077 HIGH This Week

A denial-of-service issue was discovered on certain GL-iNet devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Mt6000 Firmware X3000 Firmware Xe3000 Firmware A1300 Firmware +14
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-39229 MEDIUM POC This Month

An issue in GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Information Disclosure Mt6000 Firmware A1300 Firmware X300B Firmware Ax1800 Firmware +24
NVD GitHub
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-39227 CRITICAL POC Act Now

GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Path Traversal Mt6000 Firmware A1300 Firmware X300B Firmware +25
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2024-39228 CRITICAL POC Act Now

GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Mt6000 Firmware A1300 Firmware X300B Firmware Ax1800 Firmware +24
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-39226 CRITICAL POC THREAT Act Now

GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Mt6000 Firmware A1300 Firmware X300B Firmware Ax1800 Firmware +24
NVD GitHub
CVSS 3.1
9.8
EPSS
20.6%
CVE-2024-39225 CRITICAL POC THREAT Act Now

GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Mt6000 Firmware A1300 Firmware X300B Firmware Ax1800 Firmware +24
NVD GitHub
CVSS 3.1
9.8
EPSS
14.5%
CVE-2024-27356 HIGH POC THREAT This Week

An issue was discovered on certain GL-iNet devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Mt6000 Firmware Xe3000 Firmware X3000 Firmware Mt3000 Firmware +22
NVD GitHub Exploit-DB
CVSS 3.1
7.5
EPSS
23.9%
EPSS 0% CVSS 9.8
CRITICAL Act Now

GL-iNet GL-AR300M16 v4.3.11 has a command injection in the set_config function, adding to the growing list of injection vulnerabilities in this device. This is the fourth distinct command injection CVE for this router model.

Command Injection Ar300m16 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 9.8
CRITICAL Act Now

GL-iNet GL-AR300M16 v4.3.11 contains another command injection vulnerability, this time via the module parameter in the M.get_system_log function. Part of a series of command injection flaws in this router model.

Command Injection Ar300m16 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH This Week

SQL injection in GL-iNet GL-AR300M16 firmware v4.3.11 allows authenticated attackers to execute arbitrary database commands through the add_group() function via crafted HTTP requests. The vulnerability affects all installations of the affected firmware version and requires valid credentials to exploit. No patch is currently available to remediate this high-severity flaw.

SQLi Ar300m16 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 9.8
CRITICAL Act Now

GL-iNet GL-AR300M16 v4.3.11 has multiple command injection vulnerabilities in the set_upgrade function through seven different parameters. Each parameter provides an independent code execution vector on the router.

Command Injection Ar300m16 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 9.8
CRITICAL Act Now

GL-iNet GL-AR300M16 router (v4.3.11) is vulnerable to command injection through the string port parameter in the enable_echo_server function. Unauthenticated attackers can execute arbitrary commands on the router.

Command Injection Ar300m16 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH This Week

An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

File Upload Mt6000 Firmware Mt3000 Firmware +19
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Mt2500 Firmware Axt1800 Firmware +19
NVD GitHub
EPSS 0% CVSS 8.0
HIGH POC This Week

An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Mt2500 Firmware Axt1800 Firmware +19
NVD GitHub
EPSS 4% CVSS 8.0
HIGH POC This Week

An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Mt6000 Firmware B1300 Firmware +19
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM POC This Month

An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Mt3000 Firmware Mt2500 Firmware +19
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

A denial-of-service issue was discovered on certain GL-iNet devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Mt6000 Firmware X3000 Firmware +16
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM POC This Month

An issue in GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Information Disclosure Mt6000 Firmware A1300 Firmware +26
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Path Traversal Mt6000 Firmware +27
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Mt6000 Firmware A1300 Firmware +26
NVD GitHub
EPSS 21% CVSS 9.8
CRITICAL POC THREAT Act Now

GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Mt6000 Firmware A1300 Firmware +26
NVD GitHub
EPSS 15% CVSS 9.8
CRITICAL POC THREAT Act Now

GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Mt6000 Firmware A1300 Firmware +26
NVD GitHub
EPSS 24% CVSS 7.5
HIGH POC THREAT This Week

An issue was discovered on certain GL-iNet devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Mt6000 Firmware Xe3000 Firmware +24
NVD GitHub Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy