CVE-2026-12186
Received - Intake
Command Injection in GL.iNet GL-MT3000

Publication date: 2026-06-14

Last updated on: 2026-06-14

Assigner: VulDB

Description
A weakness has been identified in GL.iNet GL-MT3000 up to 4.4.5. Affected is the function replace_country in the library /usr/lib/oui-httpd/rpc/tor of the component Tor Proxy Service Configuration Handler. Manipulation of this function causes command injection. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks. Upgrading to version 4.7 addresses this issue. It is recommended to upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.

Meta Information
Published: 2026-06-14
Last Modified: 2026-06-14
Generated: 2026-06-15
AI Q&A: 2026-06-15
EPSS Evaluated: N/A

Affected Vendors & Products
Showing 2 associated CPEs
Vendor     Product      Version / Range
gl.inet    gl-mt3000    up to 4.4.5 (inclusive)
gl.inet    gl-mt3000    4.7
CWE ID Description
CWE-77 The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
CWE-74 The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.
Executive Summary

This vulnerability is a command injection weakness found in the GL.iNet GL-MT3000 device up to version 4.4.5. It exists in the function replace_country within the Tor Proxy Service Configuration Handler component. An attacker can remotely exploit this flaw to execute arbitrary commands on the affected device.

The vulnerability arises from improper handling of input in the replace_country function, allowing malicious input to manipulate commands executed by the system.

The vendor has addressed this issue in version 4.7, and upgrading to this version or later is recommended to mitigate the risk.

Impact Analysis

This vulnerability can have serious impacts because it allows remote attackers to execute arbitrary commands on the affected device. Possible consequences include:

  • Unauthorized control over the device, potentially leading to data theft or device misuse.
  • Disruption of device functionality or network services.
  • Potential pivot point for further attacks within a network.

Because the exploit is publicly available, the risk of attack is increased, which makes timely patching critical.

Mitigation Strategies

The recommended immediate step to mitigate this vulnerability is to upgrade the affected GL.iNet GL-MT3000 device to version 4.7 or later, which addresses the issue.

Since the vulnerability allows remote command injection via the Tor Proxy Service Configuration Handler, upgrading the firmware is critical to prevent exploitation.
