Description
A weakness has been identified in GL.iNet GL-MT3000 up to 4.4.5. Affected is the function replace_country in the library /usr/lib/oui-httpd/rpc/tor of the component Tor Proxy Service Configuration Handler. This manipulation causes command injection. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks. Upgrading to version 4.7 is able to address this issue. It is recommended to upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.
Published: 2026-06-14
Score: 8.7 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability resides in the replace_country function of the Tor Proxy Service Configuration Handler. It permits an attacker to inject arbitrary operating‑system commands through careful manipulation of the rpc/tor interface. Activation of the command injection would give the attacker the ability to run any command with the privileges of the underlying web server process. This leads to remote code execution on the device and thus full compromise. The weakness reflects CWE‑74 and CWE‑77.

Affected Systems

The flaw affects GL.iNet GL‑MT3000 devices running firmware versions up to and including 4.4.5. All firmware releases before 4.7 contain the vulnerable replace_country implementation. GL.iNet has released firmware 4.7 which removes the flaw. The vulnerability is present in the tor configuration component only; no other products or components are listed.

Risk and Exploitability

The CVSS score of 8.7 flags the issue as high severity, and public exploits are already available, meaning real‑world attacks are plausible. The exploit can be launched from a remote system that can reach the RPC endpoint, presumably over the device’s LAN or WAN interface; no authentication prerequisites are mentioned, so the attacker may be able to use the service from any reachable location. The EPSS score is not published, and the flaw is not yet in the CISA KEV catalogue, but the presence of a public exploit and remote access capabilities makes it a high‑risk vulnerability that requires immediate unmitigated action.

Generated by OpenCVE AI on June 14, 2026 at 22:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the GL.iNet firmware 4.7 update to eliminate the command injection flaw.
  • If a firmware upgrade cannot be performed right away, block or disable the Tor Proxy Service RPC endpoint by configuring the device’s firewall or disabling the service.
  • After applying a fix or mitigation, monitor device logs for suspicious subprocess execution or unusual network connections that could indicate exploitation attempts.

Generated by OpenCVE AI on June 14, 2026 at 22:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sun, 14 Jun 2026 22:45:00 +0000

Type Values Removed Values Added
First Time appeared Gl-inet gl-mt3000
Vendors & Products Gl-inet gl-mt3000

Sun, 14 Jun 2026 21:00:00 +0000

Type Values Removed Values Added
Description A weakness has been identified in GL.iNet GL-MT3000 up to 4.4.5. Affected is the function replace_country in the library /usr/lib/oui-httpd/rpc/tor of the component Tor Proxy Service Configuration Handler. This manipulation causes command injection. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks. Upgrading to version 4.7 is able to address this issue. It is recommended to upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.
Title GL.iNet GL-MT3000 Tor Proxy Service Configuration tor replace_country command injection
First Time appeared Gl-inet
Gl-inet gl-mt3000 Firmware
Weaknesses CWE-74
CWE-77
CPEs cpe:2.3:o:gl-inet:gl-mt3000_firmware:*:*:*:*:*:*:*:*
Vendors & Products Gl-inet
Gl-inet gl-mt3000 Firmware
References
Metrics cvssV2_0

{'score': 9, 'vector': 'AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:OF/RC:C'}

cvssV3_0

{'score': 8.8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C'}

cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C'}

cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Gl-inet Gl-mt3000 Gl-mt3000 Firmware
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-06-14T20:45:08.530Z

Reserved: 2026-06-14T06:30:08.377Z

Link: CVE-2026-12186

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-06-14T21:16:18.483

Modified: 2026-06-14T21:16:18.483

Link: CVE-2026-12186

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-14T22:30:20Z

Weaknesses
  • CWE-74

    Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

  • CWE-77

    Improper Neutralization of Special Elements used in a Command ('Command Injection')