CVE-2026-5959
GL.iNet GL-RM1/GL-RM10/GL-RM10RC/GL-RM1PE Factory Reset improper authentication
CVSS Score
6.6
EPSS Score
0.1%
EPSS Percentile
30th
A security flaw has been discovered in GL.iNet GL-RM1, GL-RM10, GL-RM10RC and GL-RM1PE 1.8.1. Affected by this issue is some unknown functionality of the component Factory Reset Handler. Performing a manipulation results in improper authentication. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. Upgrading to version 1.8.2 can resolve this issue. It is advisable to upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.
| CWE | CWE-287 |
| Vendor | gl.inet |
| Product | gl-rm1 |
| Published | Apr 9, 2026 |
| Last Updated | Apr 13, 2026 |
Stay Ahead of the Next One
Get instant alerts for gl.inet gl-rm1
Be the first to know when new medium vulnerabilities affecting gl.inet gl-rm1 are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:X/RL:O/RC:C Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
GL.iNet / GL-RM1
1.8.1
GL.iNet / GL-RM10
1.8.1
GL.iNet / GL-RM10RC
1.8.1
GL.iNet / GL-RM1PE
1.8.1
References
vuldb.com: https://vuldb.com/vuln/356512 vuldb.com: https://vuldb.com/vuln/356512/cti vuldb.com: https://vuldb.com/submit/786688 github.com: https://github.com/gl-inet/CVE-issues/blob/main/KVM/1.8.1/Remote%20Access%20Authentication%20Bypass%20After%20Factory%20Reset.md dl.gl-inet.com: https://dl.gl-inet.com/kvm/
Credits
๐ GLiNet (VulDB User) VulDB CNA Team