Security Advisory

CVE-2026-32290

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-03-17 17:18:14

Last updated 2026-03-23 19:34:09

Assigner cisa-cg

State PUBLISHED

Description

The GL-iNet Comet (GL-RM1) KVM before version 1.8.2 does not sufficiently verify the authenticity of uploaded firmware files. An attacker-in-the-middle or a compromised update server could modify the firmware and the corresponding MD5 hash to pass verification.

← Browse all CVEs View on cve.org ↗