| Title | GL.iNet GL-MT3000 mt3000-4.4.5 Command Injection |
|---|---|
| Description | The issue arises from insufficient sanitization of the `countries` array parameter within the `/usr/lib/oui-httpd/rpc/tor` script. An authenticated attacker can supply crafted shell metacharacters within this parameter, which are subsequently saved to the UCI configuration. When the system invokes the `replace_country()` function during the `tor_on()` execution flow, these malicious inputs are unsafely evaluated, allowing the attacker to achieve arbitrary remote code execution with root privileges. |
| Source | https://github.com/StrTzz123/iot_vul/blob/main/GL-iNet/MT3000/4.4.5/tor_set_config/Readme.md |
| User | strforexc (UID 94617) |
| Submission | 04/29/2026 10:51 (2 months ago) |
| Moderation | 06/14/2026 08:30 (2 months later) |
| Status | Accepted |
| VulDB entry | 370832 [GL.iNet GL-MT3000 up to 4.4.5 Tor Proxy Service Configuration tor replace_country command injection] |
| Points | 20 |