CVE-2026-5959
Improper Authentication in GL.iNet Factory Reset Handler
Publication date: 2026-04-09
Last updated on: 2026-04-09
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| gl.inet | gl-rm1 | 1.8.1 |
| gl.inet | gl-rm10 | 1.8.1 |
| gl.inet | gl-rm10rc | 1.8.1 |
| gl.inet | gl-rm1pe | 1.8.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-287 | When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not specify how this vulnerability impacts compliance with common standards and regulations such as GDPR or HIPAA.
Can you explain this vulnerability to me?
CVE-2026-5959 is a remote access authentication bypass vulnerability found in certain GL.iNet KVM devices. The issue occurs because after performing a factory reset, the device does not properly clear the association with the previously bound user. This means that even after a factory reset, the original user retains remote control over the device, bypassing the intended authentication protections.
- Affected devices include GL-RM1, GL-RM10, GL-RM10RC (all version 1.8.1), and GL-RM1PE (version 1.8.0).
- The vulnerability can be exploited remotely but requires a rather high complexity attack.
Upgrading to firmware version 1.8.2 resolves this issue.
How can this vulnerability impact me? :
This vulnerability allows an attacker who was previously bound to the device to retain remote control even after a factory reset. This means unauthorized remote access can persist, potentially allowing the attacker to manipulate device settings, monitor network traffic, or disrupt normal operations.
Because the authentication bypass occurs after a factory reset, users may falsely believe the device is secure and reset to a clean state, while in reality, the attacker still has control.
The attack complexity is high and requires prior binding to the device, but if exploited, it can lead to significant security risks including confidentiality, integrity, and availability impacts.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by verifying whether a previously bound user retains remote access to the GL.iNet KVM device after a factory reset.
To test this, bind a user to the device, perform a factory reset, power the device back on, and check if the original user still has remote operational access despite the reset.
There are no specific commands provided to detect this vulnerability, but the described procedure can be used to confirm if the authentication bypass exists.
What immediate steps should I take to mitigate this vulnerability?
The immediate step to mitigate this vulnerability is to upgrade the affected GL.iNet KVM devices to firmware version 1.8.2 or later.
This fixed version properly clears user binding relationships after a factory reset, preventing the remote access authentication bypass.
It is advisable to download the official fixed firmware from GL.iNetβs website for your specific device model and apply the update as soon as possible.