PT-2026-25913 · Gl.Inet · Comet Kvm
Reynaldo Vasquez Garcia
·
Published
2026-03-17
·
Updated
2026-03-17
·
CVE-2026-32291
CVSS v3.1
6.8
| Vector | AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
The GL-iNet Comet (GL-RM1) KVM does not require authentication on the UART serial console. This attack requires physically opening the device and connecting to the UART pins.
Fix
Missing Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Comet Kvm