Platform: linux
Component: gl-inet
Fixed in: 1.8.2
CVE-2026-5959 describes an improper authentication vulnerability discovered in GL.iNet GL-RM1, GL-RM10, GL-RM10RC, and GL-RM1PE router firmware versions 1.8.1 and 1.8.2. Successful exploitation could allow an attacker to gain unauthorized access to the device. The vulnerability resides within the Factory Reset Handler component and has been addressed with a firmware update.
This vulnerability allows a remote attacker to bypass authentication mechanisms within the Factory Reset Handler. While the attack complexity is considered high and exploitation difficult, a successful breach could grant the attacker control over the router's configuration and potentially its network traffic. This could lead to data theft, man-in-the-middle attacks, or even complete compromise of the network the router protects. The impact is amplified in environments where these routers are used as primary internet gateways or for sensitive data transmission.
CVE-2026-5959 was publicly disclosed on 2026-04-09. The vendor, GL.iNet, responded promptly and released a patch. Currently, there are no publicly available proof-of-concept exploits. The EPSS score is likely low to medium, reflecting the difficulty of exploitation and the lack of public exploits. It is not currently listed on the CISA KEV catalog.
EPSS: 0.14% (34th percentile)
The primary mitigation for CVE-2026-5959 is to upgrade the GL.iNet router firmware to version 1.8.2 or later. This update directly addresses the improper authentication flaw. If an immediate upgrade is not feasible due to compatibility issues or downtime concerns, consider implementing stricter firewall rules to limit access to the Factory Reset Handler functionality. While a WAF is unlikely to be effective here, carefully reviewing and restricting access to the router's web interface can reduce the attack surface. After upgrading, confirm the fix by attempting a factory reset and verifying that authentication is required.
Update your GL.iNet router firmware to version 1.8.2 or later to correct the improper authentication vulnerability in the factory reset process. Refer to the manufacturer's documentation for detailed instructions on how to update the firmware.
CVE-2026-5959 is a medium-severity vulnerability affecting GL.iNet routers, allowing remote attackers to bypass authentication in the Factory Reset Handler.
You are affected if you are using a GL.iNet GL-RM1, GL-RM10, GL-RM10RC, or GL-RM1PE router running firmware versions 1.8.1 or 1.8.2.
Upgrade your GL.iNet router firmware to version 1.8.2 or later to resolve this vulnerability.
As of now, there are no publicly available proof-of-concept exploits, but it's crucial to apply the patch proactively.
Refer to the GL.iNet website and firmware update pages for the official advisory and instructions on upgrading your router.