Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

105 matches found

EUVD
EUVDadded 2026/06/15 12:31 a.m.10 views

EUVD-2026-36666

A security vulnerability has been detected in GL.iNet GL-MT3000 up to 4.4.5. Affected by this vulnerability is an unknown functionality of the file /usr/bin/oneclickupgrade of the component Online Firmware Upgrade Handler. Such manipulation leads to command injection. The attack can be launched...

9CVSS7.5AI score0.0194EPSS
Exploits0References7
NVD
NVDadded 2026/06/14 11:16 p.m.9 views

CVE-2026-12187

A security vulnerability has been detected in GL.iNet GL-MT3000 up to 4.4.5. Affected by this vulnerability is an unknown functionality of the file /usr/bin/oneclickupgrade of the component Online Firmware Upgrade Handler. Such manipulation leads to command injection. The attack can be launched...

9CVSS0.0194EPSS
Exploits0References6
Cvelist
Cvelistadded 2026/06/14 10:0 p.m.23 views

CVE-2026-12187 GL.iNet GL-MT3000 Online Firmware Upgrade one_click_upgrade command injection

A security vulnerability has been detected in GL.iNet GL-MT3000 up to 4.4.5. Affected by this vulnerability is an unknown functionality of the file /usr/bin/oneclickupgrade of the component Online Firmware Upgrade Handler. Such manipulation leads to command injection. The attack can be launched...

9CVSS0.0194EPSS
Exploits0References6
Vulnrichment
Vulnrichmentadded 2026/06/14 10:0 p.m.9 views

CVE-2026-12187 GL.iNet GL-MT3000 Online Firmware Upgrade one_click_upgrade command injection

A security vulnerability has been detected in GL.iNet GL-MT3000 up to 4.4.5. Affected by this vulnerability is an unknown functionality of the file /usr/bin/oneclickupgrade of the component Online Firmware Upgrade Handler. Such manipulation leads to command injection. The attack can be launched...

9CVSS7.4AI score0.0194EPSS
Exploits0References6
CVE
CVEadded 2026/06/14 10:0 p.m.18 views

CVE-2026-12187

CVE-2026-12187 affects GL.iNet GL‑MT3000 devices running firmware up to 4.4.5. The vulnerability is in an unknown function of the /usr/bin/one_click_upgrade component (Online Firmware Upgrade Handler) that allows remote command injection. Public disclosure and PoC details are indicated; exploitat...

9CVSS7.5AI score0.0194EPSS
Exploits0References6
NVD
NVDadded 2026/06/14 9:16 p.m.9 views

CVE-2026-12186

A weakness has been identified in GL.iNet GL-MT3000 up to 4.4.5. Affected is the function replacecountry in the library /usr/lib/oui-httpd/rpc/tor of the component Tor Proxy Service Configuration Handler. This manipulation causes command injection. The attack can be initiated remotely. The exploi...

9CVSS0.01966EPSS
Exploits0References6
Vulnrichment
Vulnrichmentadded 2026/06/14 8:45 p.m.6 views

CVE-2026-12186 GL.iNet GL-MT3000 Tor Proxy Service Configuration tor replace_country command injection

A weakness has been identified in GL.iNet GL-MT3000 up to 4.4.5. Affected is the function replacecountry in the library /usr/lib/oui-httpd/rpc/tor of the component Tor Proxy Service Configuration Handler. This manipulation causes command injection. The attack can be initiated remotely. The exploi...

9CVSS7.6AI score0.01966EPSS
Exploits0References6
CVE
CVEadded 2026/06/14 8:45 p.m.23 views

CVE-2026-12186

GL.iNet GL-MT3000 is affected up to firmware 4.4.5. The vulnerability resides in the Tor Proxy Service Configuration Handler, specifically the replace_country function in the library /usr/lib/oui-httpd/rpc/tor, where input manipulation enables remote command injection. The issue can be exploited ...

9CVSS7.6AI score0.01966EPSS
Exploits0References6
Cvelist
Cvelistadded 2026/06/14 8:45 p.m.23 views

CVE-2026-12186 GL.iNet GL-MT3000 Tor Proxy Service Configuration tor replace_country command injection

A weakness has been identified in GL.iNet GL-MT3000 up to 4.4.5. Affected is the function replacecountry in the library /usr/lib/oui-httpd/rpc/tor of the component Tor Proxy Service Configuration Handler. This manipulation causes command injection. The attack can be initiated remotely. The exploi...

9CVSS0.01966EPSS
Exploits0References6
Positive Technologies
Positive Technologiesadded 2026/06/14 12:0 a.m.12 views

PT-2026-49110

Name of the Vulnerable Software and Affected Versions GL.iNet GL-MT3000 versions prior to 4.7 Description An issue in the Online Firmware Upgrade Handler component allows for remote command injection via the /usr/bin/one click upgrade file. Command injection is a flaw that allows an attacker to...

9CVSS8.4AI score0.0194EPSS
Exploits0References10
GithubExploit
GithubExploitadded 2026/06/13 9:11 a.m.64 views

Exploit for CVE-2026-11450

GL.iNet Beryl AX Triple RCE PoC PoC for three unauthenticated...

7.5CVSS7.3AI score0.02027EPSS
Exploits1
RedhatCVE
RedhatCVEadded 2026/06/08 8:58 a.m.12 views

CVE-2026-11451

A flaw has been found in GL.iNet GL-MT3000 4.4.5. This impacts the function snprintf of the file /cgi-bin/glc of the component FTP Protocol Handler. Executing a manipulation of the argument mediadir can lead to command injection. It is possible to launch the attack remotely. Upgrading to version...

7.5CVSS7.2AI score0.02027EPSS
Exploits1References1
RedhatCVE
RedhatCVEadded 2026/06/08 8:58 a.m.9 views

CVE-2026-11452

A vulnerability has been found in GL.iNet GL-MT3000 up to 4.4.5. Affected is the function FUN0042e200 of the file /cgi-bin/glc of the component SETUSERPWD Handler. The manipulation of the argument Password leads to command injection. The attack can be initiated remotely. Upgrading to version 4.8....

7.5CVSS6.8AI score0.01681EPSS
Exploits1References1
RedhatCVE
RedhatCVEadded 2026/06/08 2:58 a.m.11 views

CVE-2026-11448

A weakness has been identified in GL.iNet GL-MT3000 up to 4.4.5. The affected element is the function realpath of the file /rpc of the component Minidlna Service. This manipulation of the argument kube. set causes command injection. The attack is possible to be carried out remotely. Upgrading to...

5.8CVSS5.1AI score0.01582EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/06/08 2:58 a.m.9 views

CVE-2026-11449

A security vulnerability has been detected in GL.iNet GL-MT3000 4.4.5. The impacted element is the function rpcsys of the file /cgi-bin/luci/rpc of the component LuCI JSON-RPC Interface. Such manipulation leads to command injection. The attack may be performed from remote. Upgrading to version...

6.5CVSS6.2AI score0.01102EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/06/08 2:58 a.m.12 views

CVE-2026-11447

A security flaw has been discovered in GL.iNet GL-MT3000 up to 4.4.5. Impacted is the function iwinfobackend of the file iwinfo.so of the component MTK Backend. The manipulation of the argument device results in command injection. The attack can be executed remotely. The exploit has been released...

6.5CVSS6.2AI score0.01073EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/06/08 2:58 a.m.9 views

CVE-2026-11450

A vulnerability was detected in GL.iNet GL-MT3000 4.4.5. This affects the function dlopen in the library /usr/lib/oui-httpd/rpc/ of the component Path Normalization Handler. Performing a manipulation of the argument devname results in command injection. It is possible to initiate the attack...

7.5CVSS7.1AI score0.01572EPSS
Exploits1References1
RedhatCVE
RedhatCVEadded 2026/06/08 2:58 a.m.8 views

CVE-2026-11406

A vulnerability was determined in GL.iNet MT3000 up to 4.4.5. This vulnerability affects unknown code of the file ovpnclient.sh of the component OpenVPN Client Import Workflow. This manipulation causes command injection. Remote exploitation of the attack is possible. The exploit has been publicly...

6.5CVSS6.2AI score0.0123EPSS
Exploits0References1
CNNVD
CNNVDadded 2026/06/08 12:0 a.m.9 views

GL.iNet多款产品 加密问题漏洞

GL.iNet MT3000 and other products are developed by GL.iNet Corporation. The GL.iNet MT3000 is a portable router that uses the Wi-Fi 6 protocol. The GL.iNet AX1800 is a wireless router. The GL.iNet A1300 is a Wi-Fi 5 travel router. Several of GL.iNet’s products have encryption vulnerabilities, whi...

5CVSS5.5AI score0.00197EPSS
Exploits0References1
NVD
NVDadded 2026/06/07 4:16 a.m.12 views

CVE-2026-11452

A vulnerability has been found in GL.iNet GL-MT3000 up to 4.4.5. Affected is the function FUN0042e200 of the file /cgi-bin/glc of the component SETUSERPWD Handler. The manipulation of the argument Password leads to command injection. The attack can be initiated remotely. Upgrading to version 4.8....

7.5CVSS0.01681EPSS
Exploits1References5
Rows per page
Query Builder