CVE-2026-26792 | GL-iNet GL-AR300M16 4.3.11 set_upgrade command injection

A vulnerability described as critical has been identified in GL-iNet GL-AR300M16 4.3.11. Impacted is the function set_upgrade. Executing a manipulation of the argument modem_url/target_version/current_version/firmware_upload/hash_type/hash_value/upgrade_type can lead to command injection.

This vulnerability is registered as CVE-2026-26792. It is possible to launch the attack remotely. No exploit is available.VulDB Recent EntriesRead More