Plattform
linux
Komponente
gl-inet
Behoben in
1.8.2
1.8.2
1.8.2
1.8.2
CVE-2026-5959 describes an improper authentication vulnerability discovered in GL.iNet GL-RM1, GL-RM10, GL-RM10RC, and GL-RM1PE router firmware versions 1.8.1 and 1.8.2. Successful exploitation could allow an attacker to gain unauthorized access to the device. The vulnerability resides within the Factory Reset Handler component and has been addressed with a firmware update.
This vulnerability allows a remote attacker to bypass authentication mechanisms within the Factory Reset Handler. While the attack complexity is considered high and exploitation difficult, a successful breach could grant the attacker control over the router's configuration and potentially its network traffic. This could lead to data theft, man-in-the-middle attacks, or even complete compromise of the network the router protects. The impact is amplified in environments where these routers are used as primary internet gateways or for sensitive data transmission.
CVE-2026-5959 was publicly disclosed on 2026-04-09. The vendor, GL.iNet, responded promptly and released a patch. Currently, there are no publicly available proof-of-concept exploits. The EPSS score is likely low to medium, reflecting the difficulty of exploitation and the lack of public exploits. It is not currently listed on the CISA KEV catalog.
Small businesses and home users relying on GL.iNet GL-RM1, GL-RM10, GL-RM10RC, and GL-RM1PE routers running versions 1.8.1 and 1.8.2 are at risk. This includes users who have not yet applied firmware updates and those who may have inadvertently disabled security features on their routers.
• linux / server:
journalctl -u glinet-factory-reset -g 'authentication failure'• linux / server:
ps aux | grep 'factory_reset'• generic web: Use curl to check for unusual activity on the router's web interface, specifically related to factory reset functionality. Examine access and error logs for suspicious requests.
disclosure
Exploit-Status
EPSS
0.14% (34% Perzentil)
CISA SSVC
CVSS-Vektor
The primary mitigation for CVE-2026-5959 is to upgrade the GL.iNet router firmware to version 1.8.2 or later. This update directly addresses the improper authentication flaw. If an immediate upgrade is not feasible due to compatibility issues or downtime concerns, consider implementing stricter firewall rules to limit access to the Factory Reset Handler functionality. While a WAF is unlikely to be effective here, carefully reviewing and restricting access to the router's web interface can reduce the attack surface. After upgrading, confirm the fix by attempting a factory reset and verifying that authentication is required.
Aktualisieren Sie das Firmware Ihres GL.iNet-Routers auf Version 1.8.2 oder höher, um die Schwachstelle der fehlerhaften Authentifizierung im Fabrikzurücksetzungsprozess zu beheben. Weitere Informationen zur Aktualisierung der Firmware finden Sie in der Dokumentation des Herstellers.
Schwachstellenanalysen und kritische Warnungen direkt in deinen Posteingang.
CVE-2026-5959 is a medium-severity vulnerability affecting GL.iNet routers, allowing remote attackers to bypass authentication in the Factory Reset Handler.
You are affected if you are using a GL.iNet GL-RM1, GL-RM10, GL-RM10RC, or GL-RM1PE router running firmware versions 1.8.1 or 1.8.2.
Upgrade your GL.iNet router firmware to version 1.8.2 or later to resolve this vulnerability.
As of now, there are no publicly available proof-of-concept exploits, but it's crucial to apply the patch proactively.
Refer to the GL.iNet website and firmware update pages for the official advisory and instructions on upgrading your router.
Lade deine Abhängigkeitsdatei hoch und erfahre sofort, ob dich diese und andere CVEs treffen.