Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
9.8
GL-iNet GL-AR300M16: Hackers can execute unauthorized system commands
CVE-2026-26793
Summary
A security flaw in the GL-iNet GL-AR300M16 router's configuration settings allows hackers to potentially take control of the device and access sensitive information. This is a serious issue because it could let attackers execute any system command, which can lead to data theft or disruption of the router's functionality. To fix this, update your router to the latest version to prevent unauthorized access.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| gl-inet | ar300m16_firmware | 4.3.11 | – |
Original title
GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulnerability via the set_config function. This vulnerability allows attackers to execute arbitrary commands via a crafted ...
Original description
GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulnerability via the set_config function. This vulnerability allows attackers to execute arbitrary commands via a crafted input.
Vulnerability type
CWE-77
Command Injection
Published: 12 Mar 2026 · Updated: 13 Mar 2026 · First seen: 12 Mar 2026