PT-2026-25914 · Gl.Inet · Gl-Inet Comet

Reynaldo Vasquez Garcia

Published

2026-03-17

Updated

2026-04-27

CVE-2026-32292

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions GL-iNet Comet (GL-RM1) versions (affected versions not specified)

Description The web interface for the KVM feature in GL-iNet Comet (GL-RM1) does not restrict the number of login attempts. This allows attackers to perform brute-force attacks to compromise user credentials. Reports indicate that the device, a KVM box, could serve as a network pivot point for attackers using tools like Hydra.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Restriction of Excessive Authentication Attempts

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-307

Related Identifiers

CVE-2026-32292

Affected Products

Gl-Inet Comet

PT-2026-25914 · Gl.Inet · Gl-Inet Comet

CVE-2026-32292

Weakness Enumeration

Related Identifiers

Affected Products

References · 10