gl-inet comet_gl-rm1_firmware CVE Vulnerabilities (4)

CVEs: 4 CPE versions: View versions table

Summary

This page lists publicly disclosed CVE vulnerabilities affecting gl-inet comet_gl-rm1_firmware (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.

Showing 14 of 4 CVEs
«« First « Prev Page 1 / 1 Next »
CVE Summary Source Max CVSS EPSS % Published Updated
CVE-2026-32293 The GL-iNet Comet (GL-RM1) KVM connects to a GL-iNet site during boot-up to provision client and CA certificates. The GL-RM1 does not verify certificates used for this connection, allowing an attacker-in-the-middle to serve invalid client and CA certificates. The GL-RM1 will attempt to use the invalid certificates and fail to connect to the legitimate GL-iNet KVM cloud service. 9119a7d8-5eab-497f-8521-727c672e3725 6.3 0.33% 2026-03-17 2026-06-17
CVE-2026-32292 The GL-iNet Comet (GL-RM1) KVM web interface does not limit login requests, enabling brute-force attempts to guess credentials. 9119a7d8-5eab-497f-8521-727c672e3725 9.3 0.53% 2026-03-17 2026-06-17
CVE-2026-32291 The GL-iNet Comet (GL-RM1) KVM before 1.8.2 does not require authentication on the UART serial console. This attack requires physically opening the device and connecting to the UART pins. 9119a7d8-5eab-497f-8521-727c672e3725 7.0 0.33% 2026-03-17 2026-06-17
CVE-2026-32290 The GL-iNet Comet (GL-RM1) KVM before version 1.8.2 does not sufficiently verify the authenticity of uploaded firmware files. An attacker-in-the-middle or a compromised update server could modify the firmware and the corresponding MD5 hash to pass verification. 9119a7d8-5eab-497f-8521-727c672e3725 7.0 0.16% 2026-03-17 2026-06-17
«« First « Prev Page 1 / 1 Next »
cvelogic Threat Intelligence