GL-iNet Comet (GL-RM1) KVM insufficient firmware verification

The GL-iNet Comet (GL-RM1) KVM before version 1.8.2 does not sufficiently verify the authenticity of uploaded firmware files. An attacker-in-the-middle or a compromised update server could modify the firmware and the corresponding MD5 hash to pass verification.

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N

对数据真实性的验证不充分

GL-iNet Comet 安全漏洞

GL-iNet Comet是中国GL-iNet公司的一款便携式多功能网络设备。 GL-iNet Comet存在安全漏洞，该漏洞源于未充分验证上传固件文件的真实性，可能导致中间人或受损更新服务器修改固件并通过验证。

N/A

N/A