CVE-2026-32292 identifies a critical security vulnerability in the GL-iNet Comet (GL-RM1) KVM web interface, specifically an improper restriction of excessive authentication attempts (CWE-307). The affected product does not impose any limits on the number of login requests, allowing attackers to conduct brute-force attacks against the authentication mechanism. This vulnerability can be exploited remotely without requiring any prior authentication or user interaction, making it highly accessible to attackers. The absence of rate limiting or account lockout mechanisms means attackers can systematically try numerous credential combinations to gain unauthorized access. Successful exploitation compromises the confidentiality and integrity of the system by granting attackers control over the KVM interface, potentially leading to further network compromise. The CVSS 4.0 base score of 9.3 reflects the critical nature of this vulnerability, highlighting its network attack vector, low complexity, and high impact on confidentiality and system control. Although no patches have been released and no active exploits are currently known, the vulnerability's characteristics make it a prime target for attackers once exploit code becomes available. The GL-iNet Comet KVM is used in remote management scenarios, often in environments requiring high security, increasing the potential impact of exploitation.

The vulnerability allows attackers to gain unauthorized access to the GL-iNet Comet KVM interface through brute-force attacks, potentially compromising sensitive system controls and data. This can lead to full system compromise, unauthorized configuration changes, and lateral movement within the network. Organizations relying on this KVM for remote management, especially in critical infrastructure, telecommunications, or enterprise environments, face risks of operational disruption and data breaches. The lack of authentication barriers and the ability to exploit remotely increase the attack surface significantly. Additionally, attackers could use compromised KVM access to deploy malware, exfiltrate data, or disrupt services, causing reputational damage and financial losses. The critical severity rating underscores the urgency for organizations to address this vulnerability promptly to prevent exploitation.

Since no official patches are currently available, organizations should implement compensating controls immediately. These include restricting network access to the KVM interface using firewalls or VPNs to limit exposure to trusted IP addresses only. Enforce strong, complex passwords and consider multi-factor authentication if supported. Monitor authentication logs for repeated failed login attempts to detect brute-force activity early. Implement network segmentation to isolate the KVM device from critical systems and reduce lateral movement risk. If possible, disable the web interface when not in use or replace the device with a more secure alternative. Regularly update firmware and subscribe to vendor advisories for patch releases. Employ intrusion detection/prevention systems (IDS/IPS) to alert on suspicious authentication patterns. Finally, conduct security awareness training for administrators managing these devices to recognize and respond to potential attacks.