CVE Catalog

CVE-2026-11447

MediumCVSS 6.3
Published: Updated: Translated: NVD NIST

Summary

A security flaw has been discovered in GL.iNet GL-MT3000 up to version 4.4.5 in the iwinfo_backend function of the iwinfo.so file of the MTK Backend component. Manipulation of the device argument results in command injection, which can be executed remotely.

Risk Assessment

This vulnerability poses a significant risk to organizations as it allows for remote execution of malicious commands on the device. The publicly available exploit increases the likelihood of an attack.

Recommendation

It is recommended to upgrade to version 4.7 to address this issue. Additionally, upgrading the affected component is advised.

Original NVD description (English source)

A security flaw has been discovered in GL.iNet GL-MT3000 up to 4.4.5. Impacted is the function iwinfo_backend of the file iwinfo.so of the component MTK Backend. The manipulation of the argument device results in command injection. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks. Upgrading to version 4.7 is recommended to address this issue. Upgrading the affected component is recommended. The vendor confirms: "Starting from version 4.7, SDK has added global protection to intercept malicious injection".

Vulnerability data from NVD (NIST) · CISA KEV · EPSS