
CVE-2026-32292: CWE-307 Improper Restriction of Excessive Authentication Attempts in GL-iNet Comet KVM

Severity: Critical
Tags: Vulnerability, CVE-2026-32292, CWE-307
Published: Tue Mar 17 2026 (03/17/2026, 17:18:54 UTC)
Source: CVE Database V5
Vendor/Project: GL-iNet
Product: Comet KVM

Description

The GL-iNet Comet (GL-RM1) KVM web interface does not limit login requests, enabling brute-force attempts to guess credentials.

AI-Powered Analysis

Machine-generated threat intelligence

Last updated: 03/25/2026, 00:38:42 UTC

Technical Analysis

CVE-2026-32292 identifies a critical flaw in the GL-iNet Comet (GL-RM1) KVM web interface: an improper restriction of excessive authentication attempts (CWE-307). The web interface imposes no limit on the number of login attempts, so an attacker can make unlimited guesses at valid user credentials. The attack vector is network-based and requires neither prior authentication nor user interaction, which lowers the barrier to exploitation considerably.

The vulnerability affects version 0 of the product and has been assigned a CVSS 4.0 score of 9.3, indicating critical severity with high impact on confidentiality and system integrity. The vector indicates remote exploitation (AV:N) with low attack complexity (AC:L), no privileges or user interaction required (PR:N/UI:N), high confidentiality impact (VC:H) and high impact on the integrity of subsequent systems (SI:H). No patches or official fixes have been released yet, and no exploitation in the wild has been observed.

Successful credential guessing would give an attacker access to the KVM management interface, potentially leading to full control over the device and the systems connected to it; this is especially concerning where remote KVM is used to manage critical infrastructure. The absence of brute-force protections such as account lockout, rate limiting, or CAPTCHA makes the weakness straightforward to exploit with automated tools.

Potential Impact

The impact of CVE-2026-32292 is significant for organizations using GL-iNet Comet KVM devices, as successful exploitation can lead to unauthorized administrative access. This compromises confidentiality by exposing sensitive credentials and potentially sensitive data managed through the KVM interface. Integrity and availability may also be affected if attackers manipulate device settings or disrupt operations. Given the critical nature of KVM devices in managing hardware remotely, attackers gaining control could pivot to other internal systems, escalate privileges, or cause operational disruptions. The ease of exploitation without authentication or user interaction increases the likelihood of attacks, especially in environments where these devices are exposed to untrusted networks or the internet. The absence of known exploits in the wild suggests this is a newly disclosed vulnerability, but the high severity score and straightforward attack vector indicate a strong potential for future exploitation. Organizations in sectors such as telecommunications, data centers, cloud providers, and critical infrastructure that rely on remote KVM management are particularly at risk.

Mitigation Recommendations

1. Immediately isolate GL-iNet Comet KVM devices from public or untrusted networks to reduce exposure.
2. Implement network-level protections such as firewall rules or VPN access to restrict management interface access to trusted administrators only.
3. Deploy external brute-force mitigation tools like fail2ban or intrusion prevention systems to detect and block repeated failed login attempts targeting the KVM interface.
4. Monitor authentication logs closely for unusual login patterns or repeated failures indicative of brute-force attempts.
5. Where possible, enforce strong, complex passwords and consider multi-factor authentication if supported by the device or surrounding infrastructure.
6. Engage with GL-iNet support channels to obtain updates or patches as they become available and apply them promptly.
7. Consider alternative secure remote management solutions if immediate patching is not feasible.
8. Conduct regular security assessments of remote management devices to identify and remediate similar vulnerabilities proactively.
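The log-monitoring and brute-force-blocking recommendations above (steps 3 and 4), worked as an added example that is not part of this page and is not GL-iNet code: a sliding-window detector run over constructed authentication log lines, plus the kind of server-side attempt limiter whose absence the advisory describes, replayed against the same lines to show that the guessed password would never have reached the credential check. The log line format, the sample addresses and usernames, and the thresholds are all assumptions made for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed log line format for this example (not the Comet's real format):
#   "<ISO timestamp> login <ok|fail> user=<name> src=<ip>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) login (?P<result>ok|fail) user=(?P<user>\S+) src=(?P<src>\S+)$"
)

# Constructed sample: one source makes five rapid failures and then succeeds
# (a guessed password); another source fails twice, far apart, then succeeds.
SAMPLE_LOG = """\
2026-03-18T10:00:01 login fail user=admin src=203.0.113.7
2026-03-18T10:00:02 login fail user=admin src=203.0.113.7
2026-03-18T10:00:02 login fail user=root src=203.0.113.7
2026-03-18T10:00:03 login fail user=admin src=203.0.113.7
2026-03-18T10:00:04 login fail user=admin src=203.0.113.7
2026-03-18T10:00:05 login ok user=admin src=203.0.113.7
2026-03-18T10:05:00 login fail user=admin src=192.0.2.10
2026-03-18T10:30:00 login fail user=admin src=192.0.2.10
2026-03-18T10:45:00 login ok user=admin src=192.0.2.10
"""


def parse_log(text):
    """Yield one dict per well-formed log line; malformed lines are skipped."""
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if m:
            yield {"ts": datetime.fromisoformat(m["ts"]),
                   "ok": m["result"] == "ok",
                   "user": m["user"], "src": m["src"]}


def detect_bruteforce(text, threshold=5, window=timedelta(minutes=1)):
    """Log-monitoring detector (step 4): a "burst" alert the first time a source
    reaches `threshold` failures inside `window`, and a "success_after_burst"
    alert if a flagged source later logs in (the password was likely guessed)."""
    failures = defaultdict(deque)  # src -> timestamps of recent failures
    flagged = set()
    alerts = []
    for ev in parse_log(text):
        src, ts = ev["src"], ev["ts"]
        if ev["ok"]:
            if src in flagged:
                alerts.append({"kind": "success_after_burst", "src": src,
                               "user": ev["user"], "ts": ts})
            continue
        q = failures[src]
        while q and q[0] < ts - window:  # drop failures outside the window
            q.popleft()
        q.append(ts)
        if len(q) >= threshold and src not in flagged:
            flagged.add(src)
            alerts.append({"kind": "burst", "src": src, "ts": ts})
    return alerts


class LoginAttemptLimiter:
    """Application-layer control the advisory says the interface lacks: after
    `max_failures` failures from one source inside `window`, reject it for `lockout`."""

    def __init__(self, max_failures=5, window=timedelta(minutes=15),
                 lockout=timedelta(minutes=15)):
        self.max_failures, self.window, self.lockout = max_failures, window, lockout
        self.failures = defaultdict(deque)
        self.locked_until = {}

    def allowed(self, src, now):
        """True unless `src` is currently locked out."""
        until = self.locked_until.get(src)
        return until is None or now >= until

    def record(self, src, ok, now):
        """Update state after a credential check; a success clears the counter."""
        if ok:
            self.failures.pop(src, None)
            self.locked_until.pop(src, None)
            return
        q = self.failures[src]
        while q and q[0] < now - self.window:
            q.popleft()
        q.append(now)
        if len(q) >= self.max_failures:
            self.locked_until[src] = now + self.lockout


def replay(text, limiter=None):
    """Replay a log through the limiter; one decision per line: "blocked"
    (never reached the password check), "fail", or "ok"."""
    limiter = limiter or LoginAttemptLimiter()
    decisions = []
    for ev in parse_log(text):
        if not limiter.allowed(ev["src"], ev["ts"]):
            decisions.append("blocked")
            continue
        limiter.record(ev["src"], ev["ok"], ev["ts"])
        decisions.append("ok" if ev["ok"] else "fail")
    return decisions
```

On the sample, `detect_bruteforce(SAMPLE_LOG)` raises a burst alert for 203.0.113.7 at the fifth failure and a success-after-burst alert one second later, while the two widely spaced failures from 192.0.2.10 never cross the threshold; `replay(SAMPLE_LOG)` shows the sixth request from 203.0.113.7 being rejected before any password comparison. The limiter keys on source address, which an attacker can spread across many addresses, so a per-account counter (or fail2ban in front of the device, as step 3 suggests) is the usual companion control.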


Technical Details

Data Version: 5.2
Assigner Short Name: cisa-cg
Date Reserved: 2026-03-11T18:26:16.060Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 69b992ba771bdb1749c53e22

Added to database: 3/17/2026, 5:43:22 PM

Last enriched: 3/25/2026, 12:38:42 AM

Last updated: 5/2/2026, 12:28:37 AM

Views: 152
