Description
The GL-iNet Comet (GL-RM1) KVM connects to a GL-iNet site during boot-up to provision client and CA certificates. The GL-RM1 does not verify certificates used for this connection, allowing an attacker-in-the-middle to serve invalid client and CA certificates. The GL-RM1 will attempt to use the invalid certificates and fail to connect to the legitimate GL-iNet KVM cloud service.
Published: 2026-03-17
Score: 6.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Inadequate certificate validation leading to provisioning failure and potential denial of service
Action: Apply Firmware Update
AI Analysis

Impact

The vulnerability resides in the GL-iNet Comet (GL-RM1) KVM’s boot-time provisioning process. During startup the device contacts a GL-iNet site to download client and CA certificates. The implementation does not verify the authenticity of these certificates, allowing an attacker in a man-in-the-middle position to serve forged client and CA certificates. Because the device will attempt to use those invalid certificates, it subsequently fails to establish a connection with the legitimate GL-iNet KVM cloud service. The immediate consequence is a loss of connectivity and potential denial of service for the device. The weakness is categorized as Improper Certificate Validation (CWE-295).

Affected Systems

Affected product: GL-iNet Comet KVM (GL-RM1). No specific affected firmware or hardware version data is provided in the CNA entries.

Risk and Exploitability

The CVSS base score is 6.3, indicating medium severity. EPSS information is not available, and the vulnerability is not listed in the CISA KEV catalog. Exploitation requires the attacker to perform a network-layer man-in-the-middle attack during the device’s boot sequence when it initiates the provisioning request. Successful exploitation results in failed provisioning and service interruption; it does not directly allow privileged code execution or data exfiltration based on the supplied description.

Generated by OpenCVE AI on March 17, 2026 at 18:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the GL-iNet device to the latest firmware that implements proper certificate validation (check the vendor’s support site for a patch release).
  • If an update is not yet available, block or monitor outbound connections from the device to the GL-iNet provisioning server during boot to prevent the acceptance of forged certificates.


Advisories

No advisories yet.

History

Mon, 23 Mar 2026 19:45:00 +0000

  References (no values listed)

Wed, 18 Mar 2026 12:15:00 +0000

  First Time appeared, values added: Gl-inet; Gl-inet comet Kvm
  Vendors & Products, values added: Gl-inet; Gl-inet comet Kvm

Tue, 17 Mar 2026 18:15:00 +0000

  Metrics, values added: ssvc
    {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 17 Mar 2026 17:45:00 +0000

  Description, values added: The GL-iNet Comet (GL-RM1) KVM connects to a GL-iNet site during boot-up to provision client and CA certificates. The GL-RM1 does not verify certificates used for this connection, allowing an attacker-in-the-middle to serve invalid client and CA certificates. The GL-RM1 will attempt to use the invalid certificates and fail to connect to the legitimate GL-iNet KVM cloud service.
  Title, values added: GL-iNet Comet (GL-RM1) KVM insufficient certificate validation
  Weaknesses, values added: CWE-295
  References (no values listed)
  Metrics, values added: cvssV3_1
    {'score': 3.7, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L'}
  cvssV4_0
    {'score': 6.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N'}

MITRE

Status: PUBLISHED

Assigner: cisa-cg

Published:

Updated: 2026-03-23T19:34:57.871Z

Reserved: 2026-03-11T18:26:24.845Z

Link: CVE-2026-32293

Vulnrichment

Updated: 2026-03-17T17:57:16.599Z

NVD

Status: Awaiting Analysis

Published: 2026-03-17T18:16:16.417

Modified: 2026-03-23T20:16:26.700

Link: CVE-2026-32293

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-24T10:49:05Z

Weaknesses