PT-2026-25912 · Gl.Inet · Gl-Inet Comet (Gl-Rm1) Kvm
Reynaldo Vasquez Garcia
·
Published
2026-03-17
·
Updated
2026-04-27
·
CVE-2026-32290
CVSS v3.1
4.7
Medium
| Vector | AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
GL-iNet Comet (GL-RM1) KVM versions prior to 1.8.2
Description
The GL-iNet Comet (GL-RM1) KVM does not properly confirm the legitimacy of firmware files during upload. This allows an attacker positioned between the user and the update server, or one who has gained control of the update server, to alter the firmware and its MD5 hash, enabling the modified firmware to pass verification.
Recommendations
Update to version 1.8.2 or later.
Fix
Insufficient Verification of Data Authenticity
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Gl-Inet Comet (Gl-Rm1) Kvm