{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-32293", "assignerOrgId": "9119a7d8-5eab-497f-8521-727c672e3725", "state": "PUBLISHED", "assignerShortName": "cisa-cg", "dateReserved": "2026-03-11T18:26:24.845Z", "datePublished": "2026-03-17T17:19:07.549Z", "dateUpdated": "2026-03-23T19:34:57.871Z"}, "containers": {"cna": {"descriptions": [{"lang": "en", "value": "The GL-iNet Comet (GL-RM1) KVM connects to a GL-iNet site during boot-up to provision client and CA certificates. The GL-RM1 does not verify certificates used for this connection, allowing an attacker-in-the-middle to serve invalid client and CA certificates. The GL-RM1 will attempt to use the invalid certificates and fail to connect to the legitimate GL-iNet KVM cloud service."}], "affected": [{"vendor": "GL-iNet", "product": "Comet KVM", "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "1.7.2", "versionType": "custom"}, {"version": "1.7.2", "status": "unaffected"}]}], "problemTypes": [{"descriptions": [{"description": "CWE-295 Improper Certificate Validation", "lang": "en", "type": "CWE", "cweId": "CWE-295"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.7, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"cvssV4_0": {"version": "4.0", "baseScore": 6.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-03-10T18:41:00.293658Z", "id": "CVE-2026-32293", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "GL-iNet Comet (GL-RM1) KVM insufficient certificate validation", "references": [{"name": "url", "url": "https://eclypsium.com/blog/your-kvm-is-the-weak-link-how-30-dollar-devices-can-own-your-entire-network/"}, {"name": "url", "url": "https://www.cve.org/CVERecord?id=CVE-2026-32293"}, {"name": "url", "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-26-076-01.json"}, {"name": "url", "url": "https://dl.gl-inet.com/release/kvm/release/RM1/1.7.2", "tags": ["patch"]}], "credits": [{"value": "Reynaldo Vasquez Garcia, Eclypsium", "lang": "en"}], "datePublic": "2026-03-17T00:00:00.000Z", "providerMetadata": {"orgId": "9119a7d8-5eab-497f-8521-727c672e3725", "shortName": "cisa-cg", "dateUpdated": "2026-03-23T19:34:57.871Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-17T17:57:13.718072Z", "id": "CVE-2026-32293", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-17T17:57:19.156Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-32293", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-17T17:57:13.718072Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-17T17:57:16.599Z"}}], "cna": {"title": "GL-iNet Comet (GL-RM1) KVM insufficient certificate validation", "credits": [{"lang": "en", "value": "Reynaldo Vasquez Garcia, Eclypsium"}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.7, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"cvssV4_0": {"version": "4.0", "baseScore": 6.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-32293", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-10T18:41:00.293658Z"}}}], "affected": [{"vendor": "GL-iNet", "product": "Comet KVM", "versions": [{"status": "affected", "version": "0", "lessThan": "1.7.2", "versionType": "custom"}, {"status": "unaffected", "version": "1.7.2"}], "defaultStatus": "unknown"}], "datePublic": "2026-03-17T00:00:00.000Z", "references": [{"url": "https://eclypsium.com/blog/your-kvm-is-the-weak-link-how-30-dollar-devices-can-own-your-entire-network/", "name": "url"}, {"url": "https://www.cve.org/CVERecord?id=CVE-2026-32293", "name": "url"}, {"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-26-076-01.json", "name": "url"}, {"url": "https://dl.gl-inet.com/release/kvm/release/RM1/1.7.2", "name": "url", "tags": ["patch"]}], "descriptions": [{"lang": "en", "value": "The GL-iNet Comet (GL-RM1) KVM connects to a GL-iNet site during boot-up to provision client and CA certificates. The GL-RM1 does not verify certificates used for this connection, allowing an attacker-in-the-middle to serve invalid client and CA certificates. The GL-RM1 will attempt to use the invalid certificates and fail to connect to the legitimate GL-iNet KVM cloud service."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-295", "description": "CWE-295 Improper Certificate Validation"}]}], "providerMetadata": {"orgId": "9119a7d8-5eab-497f-8521-727c672e3725", "shortName": "cisa-cg", "dateUpdated": "2026-03-23T19:34:57.871Z"}}}, "cveMetadata": {"cveId": "CVE-2026-32293", "state": "PUBLISHED", "dateUpdated": "2026-03-23T19:34:57.871Z", "dateReserved": "2026-03-11T18:26:24.845Z", "assignerOrgId": "9119a7d8-5eab-497f-8521-727c672e3725", "datePublished": "2026-03-17T17:19:07.549Z", "assignerShortName": "cisa-cg"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:gl-inet:comet_gl-rm1_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "F86D4652-283A-4539-ACDF-374239922EE4", "versionEndExcluding": "1.7.2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:gl-inet:comet_gl-rm1:-:*:*:*:*:*:*:*", "matchCriteriaId": "8FB81934-02A0-4324-B96C-6BE3A8F7568B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The GL-iNet Comet (GL-RM1) KVM connects to a GL-iNet site during boot-up to provision client and CA certificates. The GL-RM1 does not verify certificates used for this connection, allowing an attacker-in-the-middle to serve invalid client and CA certificates. The GL-RM1 will attempt to use the invalid certificates and fail to connect to the legitimate GL-iNet KVM cloud service."}, {"lang": "es", "value": "El KVM GL-iNet Comet (GL-RM1) se conecta a un sitio GL-iNet durante el arranque para aprovisionar certificados de cliente y CA. El GL-RM1 no verifica los certificados utilizados para esta conexi\u00f3n, permitiendo que un atacante-en-el-medio sirva certificados de cliente y CA no v\u00e1lidos. El GL-RM1 intentar\u00e1 usar los certificados no v\u00e1lidos y fallar\u00e1 al conectarse al servicio leg\u00edtimo de la nube KVM de GL-iNet."}], "id": "CVE-2026-32293", "lastModified": "2026-04-27T12:39:39.997", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 1.4, "source": "9119a7d8-5eab-497f-8521-727c672e3725", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "9119a7d8-5eab-497f-8521-727c672e3725", "type": "Secondary"}]}, "published": "2026-03-17T18:16:16.417", "references": [{"source": "9119a7d8-5eab-497f-8521-727c672e3725", "tags": ["Release Notes"], "url": "https://dl.gl-inet.com/release/kvm/release/RM1/1.7.2"}, {"source": "9119a7d8-5eab-497f-8521-727c672e3725", "tags": ["Third Party Advisory"], "url": "https://eclypsium.com/blog/your-kvm-is-the-weak-link-how-30-dollar-devices-can-own-your-entire-network/"}, {"source": "9119a7d8-5eab-497f-8521-727c672e3725", "tags": ["Broken Link"], "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-26-076-01.json"}, {"source": "9119a7d8-5eab-497f-8521-727c672e3725", "tags": ["Third Party Advisory"], "url": "https://www.cve.org/CVERecord?id=CVE-2026-32293"}], "sourceIdentifier": "9119a7d8-5eab-497f-8521-727c672e3725", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-295"}], "source": "9119a7d8-5eab-497f-8521-727c672e3725", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,1.7.2)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "1.7.2"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Comet KVM", "source": "cna", "vendor": "GL-iNet"}, "product": "comet_kvm", "vendor": "gl-inet"}], "analysis": {"en": {"generated_at": "2026-03-17T18:22:22.207920+00:00", "value": {"mitigation_remediation": ["Update the GL\u2011iNet device to the latest firmware that implements proper certificate validation (check the vendor\u2019s support site for a patch release).", "If an update is not yet available, block or monitor outbound connections from the device to the GL\u2011iNet provisioning server during boot to prevent the acceptance of forged certificates."], "summary": {"action": "Apply Firmware Update", "impact": "Inadequate certificate validation leading to provisioning failure and potential denial of service"}, "threat_synthesis": {"affected_systems": "Affected product: GL\u2011iNet Comet KVM (GL\u2011RM1). No specific affected firmware or hardware version data is provided in the CNA entries.", "description_and_impact": "The vulnerability resides in the GL-iNet Comet (GL-RM1) KVM\u2019s boot\u2011time provisioning process. During startup the device contacts a GL\u2011iNet site to download client and CA certificates. The implementation does not verify the authenticity of these certificates, allowing an attacker in a man\u2011in\u2011the\u2011middle position to serve forged client and CA certificates. Because the device will attempt to use those invalid certificates, it subsequently fails to establish a connection with the legitimate GL\u2011iNet KVM cloud service. The immediate consequence is a loss of connectivity and potential denial of service for the device. The weakness is categorized as Improper Certificate Validation (CWE\u2011295).", "risk_and_exploitability": "The CVSS base score is 6.3, indicating medium severity. EPSS information is not available, and the vulnerability is not listed in the CISA KEV catalog. Exploitation requires the attacker to perform a network\u2011layer man\u2011in\u2011the\u2011middle attack during the device\u2019s boot sequence when it initiates the provisioning request. Successful exploitation results in failed provisioning and service interruption; it does not directly allow privileged code execution or data exfiltration based on the supplied description."}}}}, "created": "2026-03-18T12:13:10.900165+00:00", "updated": "2026-03-24T10:49:05.530312+00:00", "vendors": ["gl-inet", "gl-inet$PRODUCT$comet_kvm"]}