Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
9.8
GL-iNet GL-AR300M16 Wi-Fi Router Allows Malicious Commands
CVE-2026-26791
Summary
A security flaw in the GL-iNet GL-AR300M16 router allows hackers to execute unauthorized commands, potentially giving them control over the device. This could lead to disruption of service or even a complete takeover of the router. Users should update to the latest firmware version to fix the issue.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| gl-inet | ar300m16_firmware | 4.3.11 | – |
Original title
GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulnerability via the string port parameter in the enable_echo_server function. This vulnerability allows attackers to exec...
Original description
GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulnerability via the string port parameter in the enable_echo_server function. This vulnerability allows attackers to execute arbitrary commands via a crafted input.
Vulnerability type
CWE-77
Command Injection
Published: 12 Mar 2026 · Updated: 13 Mar 2026 · First seen: 12 Mar 2026