← Volver a CVEs
CVE-2026-5959
MEDIUM6.6
Descripcion
A security flaw has been discovered in GL.iNet GL-RM1, GL-RM10, GL-RM10RC and GL-RM1PE 1.8.1. Affected by this issue is some unknown functionality of the component Factory Reset Handler. Performing a manipulation results in improper authentication. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. Upgrading to version 1.8.2 can resolve this issue. It is advisable to upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.
Detalles CVE
Puntuacion CVSS v3.16.6
SeveridadMEDIUM
Vector CVSSCVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Vector de ataqueNETWORK
ComplejidadHIGH
Privilegios requeridosHIGH
Interaccion usuarioNONE
Publicado4/9/2026
Ultima modificacion4/9/2026
Fuentenvd
Avistamientos honeypot0
Debilidades (CWE)
CWE-287
Referencias
https://dl.gl-inet.com/kvm/(cna@vuldb.com)
https://github.com/gl-inet/CVE-issues/blob/main/KVM/1.8.1/Remote%20Access%20Authentication%20Bypass%20After%20Factory%20Reset.md(cna@vuldb.com)
https://vuldb.com/submit/786688(cna@vuldb.com)
https://vuldb.com/vuln/356512(cna@vuldb.com)
https://vuldb.com/vuln/356512/cti(cna@vuldb.com)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.