PT-2026-25914 · Gl.Inet · Gl-Inet Comet

Reynaldo Vasquez Garcia

Publicado

2026-03-17

Atualizado

2026-04-27

CVE-2026-32292

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions GL-iNet Comet (GL-RM1) versions (affected versions not specified)

Description The web interface for the KVM feature in GL-iNet Comet (GL-RM1) does not restrict the number of login attempts. This allows attackers to perform brute-force attacks to compromise user credentials. Reports indicate that the device, a KVM box, could serve as a network pivot point for attackers using tools like Hydra.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Restriction of Excessive Authentication Attempts

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-307

Identificadores relacionados

CVE-2026-32292

Produtos afetados

Gl-Inet Comet

PT-2026-25914 · Gl.Inet · Gl-Inet Comet

CVE-2026-32292

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 10