CVE-2026-12186 | GL.iNet GL-MT3000 up to 4.4.5 Tor Proxy Service Configuration tor replace_country command injection

A vulnerability classified as critical has been found in GL.iNet GL-MT3000 up to 4.4.5. Affected is the function replace_country in the library /usr/lib/oui-httpd/rpc/tor of the component Tor Proxy Service Configuration Handler. This manipulation causes command injection.

This vulnerability is handled as CVE-2026-12186. The attack can be initiated remotely. Additionally, an exploit exists.

It is recommended to upgrade the affected component.

The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.VulDB Recent EntriesRead More