307 matches found
CVE-2026-26794
CVE-2026-26794 affects GL-iNet GL-AR300M16 (v4.3.11). Connected sources specify a SQL injection via the add_group() function, enabling an attacker to perform arbitrary SQL operations through a crafted HTTP request. The CVSS 3.1 metrics in the initial entry indicate NETWORK access, HIGH impact on ...
CVE-2026-26795
CVE-2026-26795 affects GL-iNet GL-AR300M16 running v4.3.11. The issue is a command injection via the module parameter in the M.get_system_log function, allowing execution of arbitrary commands. Impact is high (confidentiality, integrity, and availability), with network-based exploitation and no p...
PT-2026-25049
🔴 CVE-2026-26793 - Critical GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulnerability via the set config function. This vulnerability allows attackers to execute arbitrary commands via ... https://t.co/4ioEauePbG https://t.co/UVrVh3JYcc...
GL-iNet GL-AR300M16 安全漏洞
GL-iNet GL-AR300M16 is a portable mini router produced by the Chinese company GL-iNet. The GL-iNet GL-AR300M16 v4.3.11 version contains a security vulnerability. This vulnerability stems from the string port parameter in the enableechoserver function, which allows for command injection, potential...
CVE-2026-26792
GL-iNet GL-AR300M16 v4.3.11 was discovered to contain multiple command injection vulnerabilities in the setupgrade function via the modemurl, targetversion, currentversion, firmwareupload, hashtype, hashvalue, and upgradetype parameters. These vulnerabilities allow attackers to execute arbitrary...
PT-2026-25027
🔴 CVE-2026-26795 - Critical GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulnerability via the module parameter in the M.get system log function. This vulnerability allows attackers to e... https://t.co/NCxeIgOxEq https://t.co/P5rgFdajLA...
CVE-2026-26793
GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulnerability via the setconfig function. This vulnerability allows attackers to execute arbitrary commands via a crafted input...
GL-iNet GL-AR300M16 安全漏洞
GL-iNet GL-AR300M16 is a portable mini router produced by the Chinese company GL-iNet. The version GL-iNet GL-AR300M16 v4.3.11 contains a security vulnerability. This vulnerability stems from an SQL injection vulnerability in the addgroup function, which may allow for the execution of arbitrary S...
GL-iNet GL-AR300M16 安全漏洞
GL-iNet GL-AR300M16 is a portable mini router produced by the Chinese company GL-iNet. The GL-iNet GL-AR300M16 v4.3.11 version contains a security vulnerability. This vulnerability stems from a command injection vulnerability in the setconfig function, which may allow for the execution of arbitra...
CVE-2026-26792
GL-iNet GL-AR300M16 v4.3.11 contains multiple command-injection vulnerabilities in the set_upgrade function accessible via the modem_url, target_version, current_version, firmware_upload, hash_type, hash_value, and upgrade_type parameters. Exploitation allows arbitrary command execution through c...
CVE-2026-26791
GL-iNet GL-AR300M16 v4.3.11 contains a command injection vulnerability in the enable_echo_server function exposed via the port parameter. A crafted input can lead to arbitrary command execution on the device. The CVE entry indicates a network-exposed impact with high severity, but the provided do...
CVE-2026-26794
GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a SQL injection vulnerability via the addgroup function. This vulnerability allows attackers to execute arbitrary SQL database operations via a crafted HTTP request...
CVE-2026-26793
GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulnerability via the setconfig function. This vulnerability allows attackers to execute arbitrary commands via a crafted input...
CVE-2026-26794
GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a SQL injection vulnerability via the addgroup function. This vulnerability allows attackers to execute arbitrary SQL database operations via a crafted HTTP request...
PT-2026-25026
GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a SQL injection vulnerability via the add group function. This vulnerability allows attackers to execute arbitrary SQL database operations via a crafted HTTP request...
CVE-2026-26793
GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulnerability via the setconfig function. This vulnerability allows attackers to execute arbitrary commands via a crafted input...
CVE-2026-26792
GL-iNet GL-AR300M16 v4.3.11 was discovered to contain multiple command injection vulnerabilities in the setupgrade function via the modemurl, targetversion, currentversion, firmwareupload, hashtype, hashvalue, and upgradetype parameters. These vulnerabilities allow attackers to execute arbitrary...
CVE-2026-26795
GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulnerability via the module parameter in the M.getsystemlog function. This vulnerability allows attackers to execute arbitrary commands via a crafted input...
Exploit for OS Command Injection in Gl-Inet Gl-Mt300N-V2_Firmware
🥭 MangoPunch: CVE-2022-31898 Authenticated OS Command Inje...
CVE-2023-31473
An issue was discovered on GL.iNet devices before 3.216. There is an arbitrary file write in which an empty file can be created anywhere on the filesystem. This is caused by a command injection vulnerability with a filter applied. Through the software installation feature, it is possible to injec...