CVE-2026-12187

CVE Database · CVE-2026-12187

CVE-2026-12187

· HIGHReceived

CVSS v3.1

8.8

CVSS v4.0

7.4

EPSS

1.99%

Published

Jun 14, 2026

Modified

Jun 14, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A security vulnerability has been detected in GL.iNet GL-MT3000 up to 4.4.5. Affected by this vulnerability is an unknown functionality of the file /usr/bin/one_click_upgrade of the component Online Firmware Upgrade Handler. Such manipulation leads to command injection. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. Upgrading to version 4.7 addresses this issue. Upgrading the affected component is advised. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-74CWE-77

References (6)

https://fw.gl-inet.com/firmware/mt3000/release/mt3000-4.8.1-0819-1755615825.tar

https://github.com/StrTzz123/iot_vul/tree/main/GL-iNet/MT3000/4.4.5/upgrade_online_url

https://vuldb.com/cve/CVE-2026-12187

https://vuldb.com/submit/815654

https://vuldb.com/vuln/370833

https://vuldb.com/vuln/370833/cti

KEV Catalog EPSS Scores Vendors All CVEs