CVE-2026-5959
Published: Apr 9, 2026
Modified: Apr 13, 2026
CVSS v3.1
6.6
Description
A security flaw has been discovered in GL.iNet GL-RM1, GL-RM10, GL-RM10RC and GL-RM1PE 1.8.1. Affected by this issue is some unknown functionality of the component Factory Reset Handler. Performing a manipulation results in improper authentication. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. Upgrading to version 1.8.2 can resolve this issue. It is advisable to upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.
| Vendor | Product | Versions |
|---|---|---|
GL.iNet | GL-RM1 | affected 1.8.1unaffected 1.8.2 |
GL.iNet | GL-RM10 | affected 1.8.1unaffected 1.8.2 |
GL.iNet | GL-RM10RC | affected 1.8.1unaffected 1.8.2 |
GL.iNet | GL-RM1PE | affected 1.8.1unaffected 1.8.2 |
Weaknesses (CWE)
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:X/RL:O/RC:C
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now