216.73.217.64

CVE-2026-32291

· Published 17/03/2026 18:16 · Modified 18/03/2026 14:52

Labels: CVE-2026-32291 2026-03-179119a7d8-5eab-497f-8521-727c672e3725CVE-2026-32291CWE-306

Essential information

Published
17/03/2026 18:16
Modified
18/03/2026 14:52
Author
Creator
CVSS
7.0 HIGH (v3) 7.0 HIGH (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

The GL-iNet Comet (GL-RM1) KVM does not require authentication on the UART serial console. This attack requires physically opening the device and connecting to the UART pins.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
9119a7d8-5eab-497f-8521-727c672e3725
NVD
View on NVD

Affected products (CPE)

ProductCPE
gl-inet / comet cpe:2.3:a:gl-inet:comet:*:*:*:*:*:*:*:*

References