VYPR

Comet Gl Rm1 Firmware

by Gl Inet

CVEs (4)

  • CVE-2026-32292HigMar 17, 2026
    risk 0.49cvss 7.5epss 0.01

    The GL-iNet Comet (GL-RM1) KVM web interface does not limit login requests, enabling brute-force attempts to guess credentials.

  • CVE-2026-32291MedMar 17, 2026
    risk 0.44cvss 6.8epss 0.00

    The GL-iNet Comet (GL-RM1) KVM before 1.8.2 does not require authentication on the UART serial console. This attack requires physically opening the device and connecting to the UART pins.

  • CVE-2026-32290MedMar 17, 2026
    risk 0.31cvss 4.7epss 0.00

    The GL-iNet Comet (GL-RM1) KVM before version 1.8.2 does not sufficiently verify the authenticity of uploaded firmware files. An attacker-in-the-middle or a compromised update server could modify the firmware and the corresponding MD5 hash to pass verification.

  • CVE-2026-32293LowMar 17, 2026
    risk 0.24cvss 3.7epss 0.00

    The GL-iNet Comet (GL-RM1) KVM connects to a GL-iNet site during boot-up to provision client and CA certificates. The GL-RM1 does not verify certificates used for this connection, allowing an attacker-in-the-middle to serve invalid client and CA certificates. The GL-RM1 will…