A command injection vulnerability in GL.iNet GL-MT3000 routers running firmware versions up to 4.4.5 allows a remote attacker to execute arbitrary operating system commands through the router’s Tor Proxy configuration handler. A public exploit is available, raising the likelihood of opportunistic exploitation against unpatched devices. Organizations or remote workers using this router model should treat firmware upgrade to version 4.7 as an immediate priority.