CVE-2026-5959
Received Received - Intake
Improper Authentication in GL.iNet Factory Reset Handler

Publication date: 2026-04-09

Last updated on: 2026-04-09

Assigner: VulDB

Description
A security flaw has been discovered in GL.iNet GL-RM1, GL-RM10, GL-RM10RC and GL-RM1PE 1.8.1. Affected by this issue is some unknown functionality of the component Factory Reset Handler. Performing a manipulation results in improper authentication. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. Upgrading to version 1.8.2 can resolve this issue. It is advisable to upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-09
Last Modified
2026-04-09
Generated
2026-06-16
AI Q&A
2026-04-09
EPSS Evaluated
2026-06-15
NVD
CVE-2026-5959
EUVD
EUVD-2026-20928
Affected Vendors & Products
Showing 4 associated CPEs
Vendor Product Version / Range
gl.inet gl-rm1 1.8.1
gl.inet gl-rm10 1.8.1
gl.inet gl-rm10rc 1.8.1
gl.inet gl-rm1pe 1.8.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-287 When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Detection Guidance

This vulnerability can be detected by verifying whether a previously bound user retains remote access to the GL.iNet KVM device after a factory reset.

To test this, bind a user to the device, perform a factory reset, power the device back on, and check if the original user still has remote operational access despite the reset.

There are no specific commands provided to detect this vulnerability, but the described procedure can be used to confirm if the authentication bypass exists.

Mitigation Strategies

The immediate step to mitigate this vulnerability is to upgrade the affected GL.iNet KVM devices to firmware version 1.8.2 or later.

This fixed version properly clears user binding relationships after a factory reset, preventing the remote access authentication bypass.

It is advisable to download the official fixed firmware from GL.iNet’s website for your specific device model and apply the update as soon as possible.

Compliance Impact

The provided information does not specify how this vulnerability impacts compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

CVE-2026-5959 is a remote access authentication bypass vulnerability found in certain GL.iNet KVM devices. The issue occurs because after performing a factory reset, the device does not properly clear the association with the previously bound user. This means that even after a factory reset, the original user retains remote control over the device, bypassing the intended authentication protections.

  • Affected devices include GL-RM1, GL-RM10, GL-RM10RC (all version 1.8.1), and GL-RM1PE (version 1.8.0).
  • The vulnerability can be exploited remotely but requires a rather high complexity attack.

Upgrading to firmware version 1.8.2 resolves this issue.

Impact Analysis

This vulnerability allows an attacker who was previously bound to the device to retain remote control even after a factory reset. This means unauthorized remote access can persist, potentially allowing the attacker to manipulate device settings, monitor network traffic, or disrupt normal operations.

Because the authentication bypass occurs after a factory reset, users may falsely believe the device is secure and reset to a clean state, while in reality, the attacker still has control.

The attack complexity is high and requires prior binding to the device, but if exploited, it can lead to significant security risks including confidentiality, integrity, and availability impacts.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-5959. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart