307 matches found
CVE-2026-26794
GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a SQL injection vulnerability via the addgroup function. This vulnerability allows attackers to execute arbitrary SQL database operations via a crafted HTTP request...
CVE-2026-32290
The GL-iNet Comet GL-RM1 KVM before version 1.8.2 does not sufficiently verify the authenticity of uploaded firmware files. An attacker-in-the-middle or a compromised update server could modify the firmware and the corresponding MD5 hash to pass verification...
CVE-2026-32292
The GL-iNet Comet GL-RM1 KVM web interface does not limit login requests, enabling brute-force attempts to guess credentials...
EUVD-2026-12598
The GL-iNet Comet GL-RM1 KVM does not sufficiently verify the authenticity of uploaded firmware files. An attacker-in-the-middle or a compromised update server could modify the firmware and the corresponding MD5 hash to pass verification...
EUVD-2026-12604
The GL-iNet Comet GL-RM1 KVM connects to a GL-iNet site during boot-up to provision client and CA certificates. The GL-RM1 does not verify certificates used for this connection, allowing an attacker-in-the-middle to serve invalid client and CA certificates. The GL-RM1 will attempt to use the...
EUVD-2026-12602
The GL-iNet Comet GL-RM1 KVM web interface does not limit login requests, enabling brute-force attempts to guess credentials...
CVE-2026-32292
The GL-iNet Comet GL-RM1 KVM web interface does not limit login requests, enabling brute-force attempts to guess credentials...
CVE-2026-32291
The GL-iNet Comet GL-RM1 KVM before 1.8.2 does not require authentication on the UART serial console. This attack requires physically opening the device and connecting to the UART pins...
CVE-2026-32293
The GL-iNet Comet GL-RM1 KVM connects to a GL-iNet site during boot-up to provision client and CA certificates. The GL-RM1 does not verify certificates used for this connection, allowing an attacker-in-the-middle to serve invalid client and CA certificates. The GL-RM1 will attempt to use the...
CVE-2026-32290
The GL-iNet Comet GL-RM1 KVM before version 1.8.2 does not sufficiently verify the authenticity of uploaded firmware files. An attacker-in-the-middle or a compromised update server could modify the firmware and the corresponding MD5 hash to pass verification...
CVE-2026-32293
The affected device is the GL-iNet Comet (GL-RM1) KVM. During boot, it connects to a GL-iNet site to provision client and CA certificates, but it does not verify the certificates used for this connection. This enables a network attacker to perform a man-in-the-middle attack to serve invalid clien...
CVE-2026-32293 GL-iNet Comet (GL-RM1) KVM insufficient certificate validation
The GL-iNet Comet GL-RM1 KVM connects to a GL-iNet site during boot-up to provision client and CA certificates. The GL-RM1 does not verify certificates used for this connection, allowing an attacker-in-the-middle to serve invalid client and CA certificates. The GL-RM1 will attempt to use the...
CVE-2026-32293 GL-iNet Comet (GL-RM1) KVM insufficient certificate validation
The GL-iNet Comet GL-RM1 KVM connects to a GL-iNet site during boot-up to provision client and CA certificates. The GL-RM1 does not verify certificates used for this connection, allowing an attacker-in-the-middle to serve invalid client and CA certificates. The GL-RM1 will attempt to use the...
CVE-2026-32292
The GL-iNet Comet GL-RM1 KVM web interface does not limit login requests, enabling brute-force attempts to guess credentials...
CVE-2026-32292 GL-iNet Comet (GL-RM1) KVM insufficient login rate-limiting
The GL-iNet Comet GL-RM1 KVM web interface does not limit login requests, enabling brute-force attempts to guess credentials...
CVE-2026-32292 GL-iNet Comet (GL-RM1) KVM insufficient login rate-limiting
The GL-iNet Comet GL-RM1 KVM web interface does not limit login requests, enabling brute-force attempts to guess credentials...
CVE-2026-32292
CVE-2026-32292 affects GL-iNet Comet KVM web interface on the GL-RM1. It describes an insufficient login rate-limiting condition that allows brute-force attempts to guess credentials over the network. The vulnerability is documented across multiple sources (NVD, ENISA EUVD, Red Hat) with a high/c...
CVE-2026-32291
The CVE-2026-32291 issue affects GL-iNet Comet KVM (GL-RM1) prior to firmware 1.8.2, where the UART serial console does not require authentication. An attacker with physical access can connect to UART pins to gain root-level access. The Red Hat and ENISA entries corroborate this UART-authenticati...
CVE-2026-32291 GL-iNet Comet (GL-RM1) KVM unauthenticated root access via UART serial console
The GL-iNet Comet GL-RM1 KVM before 1.8.2 does not require authentication on the UART serial console. This attack requires physically opening the device and connecting to the UART pins...
CVE-2026-32291 GL-iNet Comet (GL-RM1) KVM unauthenticated root access via UART serial console
The GL-iNet Comet GL-RM1 KVM before 1.8.2 does not require authentication on the UART serial console. This attack requires physically opening the device and connecting to the UART pins...