A vulnerability classified as critical has been found in GL.iNet GL-MT3000 up to 4.4.5 . Affected is the function replace_country in the library /usr/lib/oui-httpd/rpc/tor of the component Tor Proxy Service Configuration Handler . This manipulation causes command injection. This vulnerability is handled as CVE-2026-12186 . The attack can be initiated remotely. Additionally, an exploit exists. It is recommended to upgrade the affected component. The vendor was contacted early, responded in a very