CVE-2026-12187 | GL.iNet GL-MT3000 up to 4.4.5 Online Firmware Upgrade one_click_upgrade command injection

A vulnerability classified as critical was found in GL.iNet GL-MT3000 up to 4.4.5. Affected by this vulnerability is an unknown functionality of the file /usr/bin/one_click_upgrade of the component Online Firmware Upgrade Handler. Such manipulation leads to command injection.

This vulnerability is uniquely identified as CVE-2026-12187. The attack can be launched remotely. Moreover, an exploit is present.

Upgrading the affected component is advised.

The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.VulDB Recent EntriesRead More