Unrated severityNVD Advisory· Published Mar 12, 2026· Updated Mar 14, 2026
CVE-2026-26792
CVE-2026-26792
Description
GL-iNet GL-AR300M16 v4.3.11 was discovered to contain multiple command injection vulnerabilities in the set_upgrade function via the modem_url, target_version, current_version, firmware_upload, hash_type, hash_value, and upgrade_type parameters. These vulnerabilities allow attackers to execute arbitrary commands via a crafted input.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2(expand)+ 1 more
- (no CPE)
- (no CPE)range: = 4.3.11
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.