CRITICALπŸ‡΅πŸ‡± Wersja polska

CVE-2026-26792

CVSS 9.8v3.1pub. 2026-03-12upd. 2026-03-16

GL-iNet GL-AR300M16 v4.3.11 was discovered to contain multiple command injection vulnerabilities in the set_upgrade function via the modem_url, target_version, current_version, firmware_upload, hash_type, hash_value, and upgrade_type parameters. These vulnerabilities allow attackers to execute arbitrary commands via a crafted input.

πŸ€– AI Analysis
How it works

Vulnerabilities occur in the set_upgrade function, which processes input parameters: modem_url, target_version, current_version, firmware_upload, hash_type, hash_value, and upgrade_type. Data passed through these parameters are not properly validated or sanitized before use in system commands. An attacker can craft malicious parameter values containing additional system commands that will be executed by the device with the privileges of the process handling the request.

Impact

An attacker can remotely execute arbitrary system commands on the device (RCE), leading to complete takeover of the router, breach of data confidentiality and integrity, and potential disruption of network service availability.

Mitigation & patch

Patches available from the manufacturer should be applied according to the references. Until updating, it is recommended to restrict access to the device's administration panel exclusively to trusted local networks and disable remote management over the internet.

Who is affected

GL-iNet GL-AR300M16 Firmware version v4.3.11

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Gl Inet Ar300m16

    HW
    Gl-Inet
    wszystkie wersje
  • Gl Inet Ar300m16 Firmware

    OS
    Gl-Inet
    4.3.11
πŸ”΅
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2026-26795CRITICAL9.8PL βœ“ten sam produkt

Command injection w GL-iNet GL-AR300M16 via parametr module

CVE-2026-26793CRITICAL9.8PL βœ“ten sam produkt

Command injection w GL-iNet GL-AR300M16 via set_config

CVE-2026-26791CRITICAL9.8PL βœ“ten sam produkt

Command injection w GL-iNet GL-AR300M16 β€” wykonanie dowolnych poleceΕ„

CVE-2024-39225CRITICAL9.8PL βœ“ten sam produkt

RCE w firmware GL-iNet β€” obejΕ›cie mechanizmu logowania

CVE-2024-39227CRITICAL9.8PL βœ“ten sam produkt

GL-iNet: RCE i path traversal w /cgi-bin/glc bez uwierzytelnienia

CVE-2026-26792 β€” Gl-Inet β€” Ar300M16 β€” CRITICAL β€” CVSS 9.8 | CVEbaza.pl