Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
GL-iNet Comet (GL-RM1) KVM insufficient certificate validation
Vulnerability Description
The GL-iNet Comet (GL-RM1) KVM connects to a GL-iNet site during boot-up to provision client and CA certificates. The GL-RM1 does not verify certificates used for this connection, allowing an attacker-in-the-middle to serve invalid client and CA certificates. The GL-RM1 will attempt to use the invalid certificates and fail to connect to the legitimate GL-iNet KVM cloud service.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
Vulnerability Type
证书验证不恰当
Vulnerability Title
GL-iNet Comet 安全漏洞
Vulnerability Description
GL-iNet Comet是中国GL-iNet公司的一款便携式多功能网络设备。 GL-iNet Comet存在安全漏洞,该漏洞源于启动期间连接GL-iNet站点时未验证证书,可能导致中间人提供无效客户端和CA证书,致使设备无法连接合法云服务。
CVSS Information
N/A
Vulnerability Type
N/A