CVE-2026-11447 | GL.iNet GL-MT3000 up to 4.4.5 MTK Backend iwinfo.so iwinfo_backend device command injection

A vulnerability described as critical has been identified in GL.iNet GL-MT3000 up to 4.4.5. Impacted is the function iwinfo_backend of the file iwinfo.so of the component MTK Backend. The manipulation of the argument device results in command injection.

This vulnerability is identified as CVE-2026-11447. The attack can be executed remotely. Additionally, an exploit exists.

Upgrading the affected component is recommended.

The vendor confirms: “Starting from version 4.7, SDK has added global protection to intercept malicious injection”.VulDB Recent EntriesRead More