Known Vulnerabilities for products from GL-iNet
Listed below are 20 of the newest known vulnerabilities associated with the vendor "GL-iNet".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-33774 json | Not Provided | 2026-04-09 | 2026-04-10 | |
| CVE-2026-33773 json | Not Provided | 2026-04-09 | 2026-04-13 | |
| CVE-2026-32293 json | The GL-iNet Comet (GL-RM1) KVM connects to a GL-iNet site during boot-up to provision client and CA certificates. The GL-RM1 ... | Not Provided | 2026-03-17 | 2026-04-27 |
| CVE-2026-32292 json | The GL-iNet Comet (GL-RM1) KVM web interface does not limit login requests, enabling brute-force attempts to guess credential... | Not Provided | 2026-03-17 | 2026-04-27 |
| CVE-2026-32291 json | The GL-iNet Comet (GL-RM1) KVM before 1.8.2 does not require authentication on the UART serial console. This attack requires ... | Not Provided | 2026-03-17 | 2026-04-27 |
| CVE-2026-32290 json | The GL-iNet Comet (GL-RM1) KVM before version 1.8.2 does not sufficiently verify the authenticity of uploaded firmware files.... | Not Provided | 2026-03-17 | 2026-04-27 |
| CVE-2026-31424 json | Not Provided | 2026-04-13 | 2026-04-18 | |
| CVE-2026-5959 json | Not Provided | 2026-04-09 | 2026-04-13 | |
| CVE-2025-68206 json | Not Provided | 2025-12-16 | 2026-04-18 | |
| CVE-2025-22629 json | Not Provided | 2025-03-27 | 2026-04-23 | |
| CVE-2023-50919 json | 9.8 - CRITICAL | 2024-01-12 | 2024-01-24 | |
| CVE-2023-50445 json | 7.8 - HIGH | 2023-12-28 | 2024-01-24 | |
| CVE-2023-47464 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 8.8 - HIGH | 2023-11-30 | 2023-12-05 |
| CVE-2023-47463 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 9.8 - CRITICAL | 2023-11-30 | 2023-12-05 |
| CVE-2023-47462 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 9.8 - CRITICAL | 2023-11-29 | 2023-12-05 |
| CVE-2023-33621 json | GL.iNET GL-AR750S-Ext firmware v3.215 inserts the admin authentication token into a GET request when the OpenVPN Server confi... | 5.9 - MEDIUM | 2023-06-13 | 2023-06-23 |
| CVE-2023-33620 json | GL.iNET GL-AR750S-Ext firmware v3.215 uses an insecure protocol in its communications which allows attackers to eavesdrop via... | 5.9 - MEDIUM | 2023-06-13 | 2023-06-23 |
| CVE-2023-31478 json | An issue was discovered on GL.iNet devices before 3.216. An API endpoint reveals information about the Wi-Fi configuration, i... | 7.5 - HIGH | 2023-05-09 | 2023-05-17 |
| CVE-2023-31477 json | A path traversal issue was discovered on GL.iNet devices before 3.216. Through the file sharing feature, it is possible to sh... | 7.5 - HIGH | 2023-05-11 | 2023-05-18 |
| CVE-2023-31476 json | An issue was discovered on GL.iNet devices running firmware before 3.216. There is an arbitrary file write in which an empty ... | 7.5 - HIGH | 2023-05-09 | 2023-05-16 |