Invia #815654: GL.iNet GL-MT3000 4.4.5 Command Injectioninformazioni

TitoloGL.iNet GL-MT3000 4.4.5 Command Injection
DescrizioneAn authenticated command injection vulnerability exists in the online firmware upgrade workflow of the affected product. The POST /rpc endpoint can invoke upgrade.upgrade_online with a user-controlled firmware URL. The RPC handler passes this value to /usr/bin/one_click_upgrade, where the firmware path is later used in a shell command without sufficient sanitization and quoting. If the firmware URL is accepted with shell metacharacters, an authenticated attacker may be able to execute arbitrary commands with root privileges. The firmware checksum verification fails afterward, so the device does not continue with a real firmware flashing process.
Fonte⚠️ https://github.com/StrTzz123/iot_vul/tree/main/GL-iNet/MT3000/4.4.5/upgrade_online_url
Utente
 strforexc (UID 94617)
Sottomissione29/04/2026 14:17 (2 mesi fa)
Moderazione14/06/2026 08:30 (2 months later)
StatoAccettato
Voce VulDB370833 [GL.iNet GL-MT3000 fino a 4.4.5 Online Firmware Upgrade one_click_upgrade escalationi di privilegi]
Punti20

PrecedenteVisione D'ensembleIl prossimo

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!