Description
A command injection vulnerability was found in GL.iNet MT3000 up to 4.4.5. It affects unknown code in the file ovpnclient.sh of the component OpenVPN Client Import Workflow. The attack can be carried out remotely. The exploit has been publicly disclosed and may be used. Upgrading to version 4.9.0_beta3-1012-0513-1778656146 resolves this issue; upgrading the affected component is recommended. The vendor confirms: "This issue has been addressed by implementing malicious checks on OpenVPN configuration files to prevent command injection attacks carried through malicious configuration files."
Published: 2026-06-06
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw in the ovpnclient.sh script of GL.iNet MT3000 allows attackers to inject and execute arbitrary shell commands when a malicious OpenVPN configuration file is imported. The vulnerability stems from improper sanitization of user-supplied data and is classified under CWE-74 and CWE-77. An attacker who can trigger the import process, for example by uploading a crafted .ovpn file to the device, can run commands on it, jeopardizing the confidentiality, integrity, and availability of the system.

Affected Systems

The flaw affects all GL.iNet MT3000 firmware releases up to and including 4.4.5. The vendor’s mitigation is available in firmware build 4.9.0_beta3-1012-0513-1778656146, which introduces checks to prevent injection via OpenVPN configuration files.

Risk and Exploitability

With a CVSS 4.0 score of 5.3, the vulnerability is rated Medium. The EPSS score is below 1% (Very Low) and the issue is not listed in CISA's KEV catalog, but an exploit has been publicly disclosed and the flaw is remotely exploitable. The CVSS vectors list a network attack vector with low privileges required (AV:N, PR:L), so an attacker who can reach the import workflow can supply a malicious configuration file and cause the device to execute arbitrary commands. The risk remains significant enough to warrant immediate remediation, especially for devices exposed to the internet or in untrusted environments.

Generated by OpenCVE AI on June 6, 2026 at 11:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the device firmware to version 4.9.0_beta3-1012-0513-1778656146 or newer, which implements input validation for OpenVPN configuration files.
  • Limit the OpenVPN configuration import feature so that only trusted files from known sources can be uploaded, and consider enforcing file format checks or digital signatures.
  • If firmware upgrade cannot be performed promptly, disable the OpenVPN client import functionality or isolate the router on a separate network segment to reduce exposure.


Advisories

No advisories yet.

History

Sat, 06 Jun 2026 11:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Gl-inet mt3000
Vendors & Products | | Gl-inet mt3000

Sat, 06 Jun 2026 10:00:00 +0000

Type | Values Removed | Values Added
Description | | A vulnerability was determined in GL.iNet MT3000 up to 4.4.5. This vulnerability affects unknown code of the file ovpnclient.sh of the component OpenVPN Client Import Workflow. This manipulation causes command injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. Upgrading to version 4.9.0_beta3-1012-0513-1778656146 is able to resolve this issue. You should upgrade the affected component. The vendor confirms: "This issue has been addressed by implementing malicious checks on OpenVPN configuration files to prevent command injection attacks carried through malicious configuration files."
Title | | GL.iNet MT3000 OpenVPN Client Import Workflow ovpnclient.sh command injection
First Time appeared | | Gl-inet; Gl-inet mt3000 Firmware
Weaknesses | | CWE-74; CWE-77
CPEs | | cpe:2.3:o:gl-inet:mt3000_firmware:*:*:*:*:*:*:*:*
Vendors & Products | | Gl-inet; Gl-inet mt3000 Firmware
References | |
Metrics | | cvssV2_0: {'score': 6.5, 'vector': 'AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C'}
 | | cvssV3_0: {'score': 6.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C'}
 | | cvssV3_1: {'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C'}
 | | cvssV4_0: {'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-06-06T09:15:12.019Z

Reserved: 2026-06-05T18:26:22.054Z

Link: CVE-2026-11406

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-06-06T10:16:27.017

Modified: 2026-06-06T10:16:27.017

Link: CVE-2026-11406

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-06T11:30:19Z

Weaknesses