CVE-2026-5959

MEDIUM

GL.iNet GL-RM1/GL-RM10/GL-RM10RC/GL-RM1PE Factory Reset improper authentication

Title source: cna

Description

A security flaw has been discovered in GL.iNet GL-RM1, GL-RM10, GL-RM10RC and GL-RM1PE 1.8.1. Affected by this issue is some unknown functionality of the component Factory Reset Handler. Performing a manipulation results in improper authentication. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. Upgrading to version 1.8.2 can resolve this issue. It is advisable to upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.

References (5)

Core 5

Core References

Patch patch

https://dl.gl-inet.com/kvm/

Vdb Entry vdb-entry

VDB-356512 | GL.iNet GL-RM1/GL-RM10/GL-RM10RC/GL-RM1PE Factory Reset improper authentication

https://vuldb.com/vuln/356512

Signature, Permissions Required signature permissions-required

VDB-356512 | CTI Indicators (IOB, IOC)

https://vuldb.com/vuln/356512/cti

Third Party Advisory third-party-advisory

Submit #786688 | GL.iNet KVM 1.8.1 Access Authentication Bypass

https://vuldb.com/submit/786688

View Writeup ZIP pw:eip

Scores

CVSS v3 6.6

EPSS 0.0051

EPSS Percentile 39.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-287

Status published

Products (8)

GL.iNet/GL-RM1 1.8.1

GL.iNet/GL-RM1 1.8.2

GL.iNet/GL-RM10 1.8.1

GL.iNet/GL-RM10 1.8.2

GL.iNet/GL-RM10RC 1.8.1

GL.iNet/GL-RM10RC 1.8.2

GL.iNet/GL-RM1PE 1.8.1

GL.iNet/GL-RM1PE 1.8.2

Published Apr 09, 2026

Tracked Since Apr 09, 2026