CVE-2026-32293

by Fred · 17/03/2026

The GL-iNet Comet (GL-RM1) KVM connects to a GL-iNet site during boot-up to provision client and CA certificates. The GL-RM1 does not verify certificates used for this connection, allowing an attacker-in-the-middle to serve invalid client and CA certificates. The GL-RM1 will attempt to use the invalid certificates and fail to connect to the legitimate GL-iNet KVM cloud service.

More information : https://dl.gl-inet.com/release/kvm/release/RM1/1.7.2

CVE-2026-32293

Similar

Recent Posts

Categories

CVE-2026-32293

Share this:

Similar

Recent Posts

Categories

Tags