Description
A security vulnerability has been detected in GL.iNet GL-MT3000 up to 4.4.5. Affected by this vulnerability is an unknown functionality of the file /usr/bin/one_click_upgrade of the component Online Firmware Upgrade Handler. Such manipulation leads to command injection. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. Upgrading to version 4.7 addresses this issue. Upgrading the affected component is advised. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.
Published: 2026-06-14
Score: 8.7 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A command injection flaw exists in the one_click_upgrade binary (/usr/bin/one_click_upgrade) of the Online Firmware Upgrade Handler on GL.iNet GL-MT3000 routers. It allows a remote actor to inject arbitrary shell commands through malformed input to one_click_upgrade; the injected commands run with the privileges of the binary, enabling full compromise of the router's operating system. The weakness maps to CWE-74 and CWE-77, the classes typical of command injection vulnerabilities.

Affected Systems

GL.iNet routers of the MT3000 model with firmware versions up to 4.4.5 are affected. The issue is fixed in firmware 4.7 and later. Devices running older firmware that still expose the Online Firmware Upgrade feature are at risk. No other GL.iNet products or newer firmware versions are impacted.

Risk and Exploitability

The CVSS score of 8.7 indicates high severity. Although no EPSS score is available, the vulnerability has already been publicly disclosed and exploit code exists. The attack can be delivered remotely via the Online Firmware Upgrade interface, so an adversary only needs the ability to communicate with the device over its network. Because the flaw permits arbitrary command execution, the potential impact includes full device takeover, credential compromise, and denial of service. The vulnerability is not yet in the CISA KEV catalog, but the public availability of the exploit argues for immediate remediation.

Generated by OpenCVE AI on June 14, 2026 at 23:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the router firmware to version 4.7 or later to remove the vulnerable one_click_upgrade binary.
  • If upgrading is not immediately possible, disable or block the Online Firmware Upgrade functionality: restrict web access to the upgrade endpoint or use firewall rules to block the relevant traffic.
  • After applying the fix, monitor the device for anomalous outbound connections or attempts to invoke the upgrade handler, and enable detailed logging to detect future exploitation attempts.



Advisories

No advisories yet.

History

Mon, 15 Jun 2026 00:45:00 +0000

Values added (no values removed):
  • First Time appeared: Gl-inet gl-mt3000
  • Vendors & Products: Gl-inet gl-mt3000

Sun, 14 Jun 2026 22:30:00 +0000

Values added (no values removed):
  • Description: A security vulnerability has been detected in GL.iNet GL-MT3000 up to 4.4.5. Affected by this vulnerability is an unknown functionality of the file /usr/bin/one_click_upgrade of the component Online Firmware Upgrade Handler. Such manipulation leads to command injection. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. Upgrading to version 4.7 addresses this issue. Upgrading the affected component is advised. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.
  • Title: GL.iNet GL-MT3000 Online Firmware Upgrade one_click_upgrade command injection
  • First Time appeared: Gl-inet; Gl-inet gl-mt3000 Firmware
  • Weaknesses: CWE-74; CWE-77
  • CPEs: cpe:2.3:o:gl-inet:gl-mt3000_firmware:*:*:*:*:*:*:*:*
  • Vendors & Products: Gl-inet; Gl-inet gl-mt3000 Firmware
  • References:
  • Metrics:
      cvssV2_0: score 9, vector AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:OF/RC:C
      cvssV3_0: score 8.8, vector CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
      cvssV3_1: score 8.8, vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
      cvssV4_0: score 8.7, vector CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P


Subscriptions

  • Gl-inet
  • Gl-mt3000
  • Gl-mt3000 Firmware

MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-06-14T22:00:09.360Z

Reserved: 2026-06-14T06:30:11.012Z

Link: CVE-2026-12187

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-06-14T23:16:34.853

Modified: 2026-06-14T23:16:34.853

Link: CVE-2026-12187

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-15T00:30:07Z

Weaknesses
  • CWE-74

    Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

  • CWE-77

    Improper Neutralization of Special Elements used in a Command ('Command Injection')