PT-2026-25912 · Gl.Inet · Comet Kvm
Reynaldo Vasquez Garcia
·
Published
2026-03-17
·
Updated
2026-03-17
·
CVE-2026-32290
CVSS v3.1
4.7
| Vector | AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N |
The GL-iNet Comet (GL-RM1) KVM does not sufficiently verify the authenticity of uploaded firmware files. An attacker-in-the-middle or a compromised update server could modify the firmware and the corresponding MD5 hash to pass verification.
Fix
Insufficient Verification of Data Authenticity
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Comet Kvm