CVE-2026-32290 - Vulnerability Details

- GL-iNet Comet (GL-RM1) KVM insufficient firmware verification

Description

The GL-iNet Comet (GL-RM1) KVM before version 1.8.2 does not sufficiently verify the authenticity of uploaded firmware files. An attacker-in-the-middle or a compromised update server could modify the firmware and the corresponding MD5 hash to pass verification.

Published: 2026-03-17

Score: 7 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The vulnerability arises because the KVM firmware update process on GL-iNet Comet (GL‑RM1) does not adequately verify the authenticity of uploaded firmware. An attacker can modify the firmware image and its accompanying MD5 checksum, causing the device to accept a malicious payload. This flaw enables arbitrary code execution or complete device takeover once the firmware is installed.

Affected Systems

The issue affects GL‑iNet's Comet KVM product before firmware version 1.8.2. Devices running these older releases are susceptible. Personal or enterprise networks that deploy the GL‑RM1 model without updating are at risk.

Risk and Exploitability

With a CVSS score of 7 the vulnerability is considered high severity. The EPSS score is below 1% and the flaw is not listed as a known exploited vulnerability by CISA, suggesting a low exploitation likelihood in the wild. Nonetheless, an attacker who has network access or can engineer a Man‑in‑the‑Middle position against the device's update mechanism can supply the forged firmware. The consequent compromise would grant full control over the router and expose the surrounding network.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

GL-iNet

Comet KVM

unknown

Version	Status	Constraints
`0`	affected	< 1.8.2
`1.8.2`	unaffected	—

Configuration 1 [-]

AND

cpe:2.3:o:gl-inet:comet_gl-rm1_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:gl-inet:comet_gl-rm1:*:*:*:*:*:*:*:*

No data.

Vendor Product Confidence Versions

Gl-inet

Comet Kvm

100%

Version	Status	Scheme	Platform
`[0,*]`	affected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Check the device firmware version; if it is older than 1.8.2, update the firmware immediately.
Restrict access to the firmware upload interface to trusted administrators only.
Verify the authenticity of the update server and ensure it has not been compromised.
Monitor the device for abnormal update activity and enforce strict integrity checks on future firmware images.

Generated by OpenCVE AI on March 23, 2026 at 20:30 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Local

Attack Complexity Low

Privileges Required None

Attack Requirements Present

User Interaction Active

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact High

Subsequent System Integrity Impact High

Subsequent System Availability Impact High

Attack Vector Local

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00007.

Exploitation none

Automatable no

Technical Impact total

References

Link	Providers
https://dl.gl-inet.com/release/kvm/release/RM1/1.8.2
https://eclypsium.com/blog/your-kvm-is-the-weak-link-how-30-dollar-devices-can-own-your-entire-network/
https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-26-076-01.json
https://www.cve.org/CVERecord?id=CVE-2026-32290

History

Mon, 27 Apr 2026 12:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Gl-inet comet Gl-rm1 Gl-inet comet Gl-rm1 Firmware
CPEs		cpe:2.3:h:gl-inet:comet_gl-rm1:::::::: cpe:2.3:o:gl-inet:comet_gl-rm1_firmware::::::::
Vendors & Products		Gl-inet comet Gl-rm1 Gl-inet comet Gl-rm1 Firmware

Mon, 23 Mar 2026 19:45:00 +0000

Type	Values Removed	Values Added
Description	The GL-iNet Comet (GL-RM1) KVM does not sufficiently verify the authenticity of uploaded firmware files. An attacker-in-the-middle or a compromised update server could modify the firmware and the corresponding MD5 hash to pass verification.	The GL-iNet Comet (GL-RM1) KVM before version 1.8.2 does not sufficiently verify the authenticity of uploaded firmware files. An attacker-in-the-middle or a compromised update server could modify the firmware and the corresponding MD5 hash to pass verification.
References		https://dl.gl-inet.com/release/kvm/release/RM1/1.8.2

Wed, 18 Mar 2026 12:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Gl-inet Gl-inet comet Kvm
Vendors & Products		Gl-inet Gl-inet comet Kvm

Tue, 17 Mar 2026 18:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Tue, 17 Mar 2026 17:45:00 +0000

Type	Values Removed	Values Added
Description		The GL-iNet Comet (GL-RM1) KVM does not sufficiently verify the authenticity of uploaded firmware files. An attacker-in-the-middle or a compromised update server could modify the firmware and the corresponding MD5 hash to pass verification.
Title		GL-iNet Comet (GL-RM1) KVM insufficient firmware verification
Weaknesses		CWE-345
References		https://eclypsium.com/blog/your-kvm-is-the-weak-link-how-30-dollar-devices-can-own-your-entire-network/ https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-26-076-01.json https://www.cve.org/CVERecord?id=CVE-2026-32290
Metrics		cvssV3_1 `{'score': 4.7, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N'}` cvssV4_0 `{'score': 7, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:H/VA:N/SC:H/SI:H/SA:H'}`

Subscriptions

Gl-inet Comet Gl-rm1 Comet Gl-rm1 Firmware Comet Kvm

MITRE

Status: PUBLISHED

Assigner: cisa-cg

Published: 2026-03-17T17:18:14.150Z

Updated: 2026-03-23T19:34:09.794Z

Reserved: 2026-03-11T18:26:03.157Z

Link: CVE-2026-32290

Vulnrichment

Updated: 2026-03-17T17:54:45.502Z

NVD

Status : Analyzed

Published: 2026-03-17T18:16:15.843

Modified: 2026-04-27T12:35:51.330

Link: CVE-2026-32290

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-24T10:49:08Z

Weaknesses

CWE-345

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required None

Attack Requirements Present

User Interaction Active

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact High

Subsequent System Integrity Impact High

Subsequent System Availability Impact High

Attack Vector Local

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction Required

Exploitation none

Automatable no

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object