Gl-inet Comet Kvm
4 CVEs affecting Gl-inet Comet Kvm. Latest disclosed: 2026-03-17. Critical: 0, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-32292 | High | 7.5 | 2026-03-17 | The GL-iNet Comet (GL-RM1) KVM web interface does not limit login requests, enabling brute-force attempts to guess credentials. |
CVE-2026-32291 | Medium | 6.8 | 2026-03-17 | The GL-iNet Comet (GL-RM1) KVM before 1.8.2 does not require authentication on the UART serial console. This attack requires physically opening the device and… |
CVE-2026-32290 | Medium | 4.7 | 2026-03-17 | The GL-iNet Comet (GL-RM1) KVM before version 1.8.2 does not sufficiently verify the authenticity of uploaded firmware files. An attacker-in-the-middle or a co… |
CVE-2026-32293 | Low | 3.7 | 2026-03-17 | The GL-iNet Comet (GL-RM1) KVM connects to a GL-iNet site during boot-up to provision client and CA certificates. The GL-RM1 does not verify certificates used… |