| Title | GL.iNet KVM 1.8.1 Access Authentication Bypass |
|---|
| Description | This vulnerability fails to clear the user binding relationship after a user binds to the device and then resets it, resulting in the bound user still being able to remotely operate the device after the reset.GL.iNet's official website has fixed this issue in the version 1.8.2 firmware.Thanks to Dustin Eastman, Security Engineer, for identifying this issue. |
|---|
| Source | ⚠️ https://github.com/gl-inet/CVE-issues/blob/main/KVM/1.8.1/Remote%20Access%20Authentication%20Bypass%20After%20Factory%20Reset.md |
|---|
| User | GLiNet (UID 96704) |
|---|
| Submission | 03/24/2026 03:22 (18 days ago) |
|---|
| Moderation | 04/09/2026 11:50 (16 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 356512 [GL.iNet GL-RM1/GL-RM10/GL-RM10RC/GL-RM1PE 1.8.1 Factory Reset improper authentication] |
|---|
| Points | 18 |
|---|