Mt3000
Monthly
Hard-coded cryptographic key exposure in the glnassys (GL.iNet NAS system) component across eight GL.iNet router models running firmware 4.8.x enables a low-privileged remote attacker to exploit a static authentication token and potentially execute unauthorized commands against the NAS subsystem. The vulnerability is rooted in CWE-321 (Use of Hard-coded Cryptographic Key), where the firmware embeds a fixed authentication secret that cannot be rotated by users or administrators. No public exploit identified at time of analysis, and the vendor has released firmware 4.9.0 as a fix.
Command injection in GL.iNet MT3000 routers running firmware up to version 4.4.5 allows authenticated remote attackers to execute arbitrary OS commands by supplying a crafted OpenVPN configuration file through the device's OpenVPN Client Import Workflow. The shell script ovpnclient.sh processes imported .ovpn files without adequately sanitizing user-controlled content, enabling embedded shell metacharacters or directives to execute at the OS level. A public proof-of-concept exploit is available on GitHub; an official vendor-released patch exists in beta firmware, and no public exploit identified at time of analysis has been confirmed by CISA KEV as actively exploited in the wild.
Hard-coded cryptographic key exposure in the glnassys (GL.iNet NAS system) component across eight GL.iNet router models running firmware 4.8.x enables a low-privileged remote attacker to exploit a static authentication token and potentially execute unauthorized commands against the NAS subsystem. The vulnerability is rooted in CWE-321 (Use of Hard-coded Cryptographic Key), where the firmware embeds a fixed authentication secret that cannot be rotated by users or administrators. No public exploit identified at time of analysis, and the vendor has released firmware 4.9.0 as a fix.
Command injection in GL.iNet MT3000 routers running firmware up to version 4.4.5 allows authenticated remote attackers to execute arbitrary OS commands by supplying a crafted OpenVPN configuration file through the device's OpenVPN Client Import Workflow. The shell script ovpnclient.sh processes imported .ovpn files without adequately sanitizing user-controlled content, enabling embedded shell metacharacters or directives to execute at the OS level. A public proof-of-concept exploit is available on GitHub; an official vendor-released patch exists in beta firmware, and no public exploit identified at time of analysis has been confirmed by CISA KEV as actively exploited in the wild.