A vulnerability has been found in GL.iNet GL-MT3000 up to 4.4.5 and classified as critical . Affected is the function FUN_0042e200 of the file /cgi-bin/glc of the component SET_USER_PWD Handler . The manipulation of the argument Password leads to command injection. This vulnerability is documented as CVE-2026-11452 . The attack can be initiated remotely. There is not any exploit available. The affected component should be upgraded. The vendor explains: " The current code escapes single quotes in