Lucene search
K

307 matches found

ATTACKERKB
ATTACKERKB
added 2026/03/17 5:18 p.m.2 views

CVE-2026-32291

The GL-iNet Comet GL-RM1 KVM before 1.8.2 does not require authentication on the UART serial console. This attack requires physically opening the device and connecting to the UART pins...

7CVSS6AI score0.00332EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/03/17 5:18 p.m.3 views

CVE-2026-32290

The GL-iNet Comet GL-RM1 KVM before version 1.8.2 does not sufficiently verify the authenticity of uploaded firmware files. An attacker-in-the-middle or a compromised update server could modify the firmware and the corresponding MD5 hash to pass verification...

7CVSS6AI score0.0016EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/03/17 5:18 p.m.24 views

CVE-2026-32290 GL-iNet Comet (GL-RM1) KVM insufficient firmware verification

The GL-iNet Comet GL-RM1 KVM before version 1.8.2 does not sufficiently verify the authenticity of uploaded firmware files. An attacker-in-the-middle or a compromised update server could modify the firmware and the corresponding MD5 hash to pass verification...

7CVSS0.0016EPSS
Exploits0References4
ICS
ICS
added 2026/03/17 5:2 p.m.6 views

Multiple IP-KVM Vulnerabilities

RISK EVALUATION Multiple KVM products GL-iNet GL-RM1, Angeet ES3 KVM, Sipeed NanoKVM, and JetKVM are affected by multiple vulnerabilities. The most severe of these vulnerabilities could allow a remote, unauthenticated attacker to take complete control of a vulnerable product. 2. RECOMMENDED...

7CVSS6.2AI score0.0016EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/17 12:0 a.m.8 views

GL-iNet Comet 安全漏洞

GL-iNet Comet is a portable, multi-functional network device developed by GL-iNet Corporation in China. There is a security vulnerability present in GL-iNet Comet, which stems from insufficient verification of the authenticity of uploaded firmware files. This vulnerability may allow intermediate...

7CVSS6AI score0.0016EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/03/17 12:0 a.m.15 views

PT-2026-25915

The GL-iNet Comet GL-RM1 KVM connects to a GL-iNet site during boot-up to provision client and CA certificates. The GL-RM1 does not verify certificates used for this connection, allowing an attacker-in-the-middle to serve invalid client and CA certificates. The GL-RM1 will attempt to use the...

6.3CVSS5.7AI score0.00332EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/03/17 12:0 a.m.8 views

PT-2026-25913

CVE-2026-32291 The GL-iNet Comet GL-RM1 KVM does not require authentication on the UART serial console. This attack requires physically opening the device and connecting to the UA… https://t.co/3nIVbSAO2u...

7CVSS5.8AI score0.00332EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/03/17 12:0 a.m.12 views

PT-2026-25912

@securityweekly @anton chuvakin Good research. But about CVE-2026-32290 – GL-iNet Comet KVM insufficient verification of firmware authenticity… isn’t it the whole point of these devices that you could just run your own firmware opensource on it also? Like openwrt...

7CVSS5.8AI score0.0016EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/03/17 12:0 a.m.14 views

PT-2026-25914

🚨 CVE-2026-32292: GL-iNet Comet... $30 KVM boxes with zero rate limiting = instant network pivot point for anyone with Hydra and patience. KVMpwn BruteForce NetworkPivot. https://t.co/VKisqb37V7 netsec vulnerability CVE sysadmin zeroday...

9.3CVSS5.8AI score0.0053EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/03/17 12:0 a.m.8 views

GL-iNet Comet 安全漏洞

GL-iNet Comet is a portable, multi-functional network device developed by GL-iNet Corporation in China. There is a security vulnerability in GL-iNet Comet, which stems from the lack of restrictions on login requests through the web interface. This vulnerability may lead to brute-force attacks...

9.3CVSS6AI score0.0053EPSS
Exploits0References3
NVD
NVD
added 2026/03/12 7:16 p.m.8 views

CVE-2026-26793

GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulnerability via the setconfig function. This vulnerability allows attackers to execute arbitrary commands via a crafted input...

9.8CVSS0.02266EPSS
Exploits1References1
OSV
OSV
added 2026/03/12 6:16 p.m.4 views

CVE-2026-26795

GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulnerability via the module parameter in the M.getsystemlog function. This vulnerability allows attackers to execute arbitrary commands via a crafted input...

9.8CVSS6.1AI score0.02488EPSS
Exploits1References1
NVD
NVD
added 2026/03/12 6:16 p.m.10 views

CVE-2026-26795

GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulnerability via the module parameter in the M.getsystemlog function. This vulnerability allows attackers to execute arbitrary commands via a crafted input...

9.8CVSS0.02488EPSS
Exploits1References1
NVD
NVD
added 2026/03/12 6:16 p.m.8 views

CVE-2026-26792

GL-iNet GL-AR300M16 v4.3.11 was discovered to contain multiple command injection vulnerabilities in the setupgrade function via the modemurl, targetversion, currentversion, firmwareupload, hashtype, hashvalue, and upgradetype parameters. These vulnerabilities allow attackers to execute arbitrary...

9.8CVSS0.02776EPSS
Exploits1References1
OSV
OSV
added 2026/03/12 6:16 p.m.3 views

CVE-2026-26792

GL-iNet GL-AR300M16 v4.3.11 was discovered to contain multiple command injection vulnerabilities in the setupgrade function via the modemurl, targetversion, currentversion, firmwareupload, hashtype, hashvalue, and upgradetype parameters. These vulnerabilities allow attackers to execute arbitrary...

9.8CVSS6.1AI score0.02776EPSS
Exploits1References1
OSV
OSV
added 2026/03/12 6:16 p.m.4 views

CVE-2026-26791

GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulnerability via the string port parameter in the enableechoserver function. This vulnerability allows attackers to execute arbitrary commands via a crafted input...

9.8CVSS6.1AI score0.02488EPSS
Exploits1References1
OSV
OSV
added 2026/03/12 6:16 p.m.4 views

CVE-2026-26794

GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a SQL injection vulnerability via the addgroup function. This vulnerability allows attackers to execute arbitrary SQL database operations via a crafted HTTP request...

8.8CVSS6.1AI score0.00453EPSS
Exploits1References1
NVD
NVD
added 2026/03/12 6:16 p.m.7 views

CVE-2026-26791

GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulnerability via the string port parameter in the enableechoserver function. This vulnerability allows attackers to execute arbitrary commands via a crafted input...

9.8CVSS0.02488EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/03/12 12:0 a.m.24 views

CVE-2026-26791

GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulnerability via the string port parameter in the enableechoserver function. This vulnerability allows attackers to execute arbitrary commands via a crafted input...

0.02488EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/03/12 12:0 a.m.6 views

CVE-2026-26795

GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulnerability via the module parameter in the M.getsystemlog function. This vulnerability allows attackers to execute arbitrary commands via a crafted input...

6.1AI score0.02488EPSS
Exploits1References1
Rows per page
Query Builder