Gl-inet Comet Gl-rm1 Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Gl-inet Comet Gl-rm1 Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (4)
CVE-2026-32292 — CVSS 7.5 (high): The GL-iNet Comet (GL-RM1) KVM web interface does not limit login requests, enabling brute-force attempts to guess credentials.
CVE-2026-32291 — CVSS 6.8 (medium): The GL-iNet Comet (GL-RM1) KVM before 1.8.2 does not require authentication on the UART serial console. This attack requires physically…
CVE-2026-32290 — CVSS 4.7 (medium): The GL-iNet Comet (GL-RM1) KVM before version 1.8.2 does not sufficiently verify the authenticity of uploaded firmware files. An…
CVE-2026-32293 — CVSS 3.7 (low): The GL-iNet Comet (GL-RM1) KVM connects to a GL-iNet site during boot-up to provision client and CA certificates. The GL-RM1 does not…