GL-iNet Comet KVM Insufficient Firmware Verification Vulnerability

Vulnerability

A vulnerability exists in the GL-iNet Comet KVM (model GL-RM1) due to inadequate verification of the authenticity of uploaded firmware files. Because the MD5 hash is supplied together with the firmware rather than anchored in something the device already trusts, an attacker-in-the-middle or a compromised update server can replace both the firmware and its corresponding MD5 hash, and the modified firmware passes verification. A checksum that the attacker can also rewrite protects only against accidental corruption, not against deliberate tampering, so the device may accept tampered firmware as legitimate.
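As an added illustration, not GL-iNet's code, the checksum-beside-the-image check described above sits next to the fix a defender would expect: a signature checked against a vendor public key pinned in the device. The package layout, key handling and sample image are assumptions made for the example.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/md5"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
)

// UpdatePackage models what the update server hands the device (all values constructed).
type UpdatePackage struct {
	Firmware  []byte
	MD5Hex    string // checksum shipped beside the image (the weak scheme)
	Signature []byte // Ed25519 signature over SHA-256(image) (the hardened scheme)
}

// VerifyByMD5 mirrors the weak scheme: the digest travels with the image, so
// whoever can rewrite the image can recompute the digest and still pass.
func VerifyByMD5(pkg UpdatePackage) bool {
	sum := md5.Sum(pkg.Firmware)
	return hex.EncodeToString(sum[:]) == pkg.MD5Hex
}

// VerifyBySignature pins the vendor public key in the device, so a party that
// controls the download path cannot produce a signature the device accepts.
func VerifyBySignature(pkg UpdatePackage, pinnedPub ed25519.PublicKey) bool {
	digest := sha256.Sum256(pkg.Firmware)
	return ed25519.Verify(pinnedPub, digest[:], pkg.Signature)
}

// BuildPackage is the vendor side: publish the checksum and sign the digest.
func BuildPackage(fw []byte, priv ed25519.PrivateKey) UpdatePackage {
	sum, digest := md5.Sum(fw), sha256.Sum256(fw)
	return UpdatePackage{fw, hex.EncodeToString(sum[:]), ed25519.Sign(priv, digest[:])}
}

// ModifiedInTransit models the threat in the advisory: the image is altered and
// the accompanying checksum recomputed; the signature cannot be regenerated.
func ModifiedInTransit(pkg UpdatePackage) UpdatePackage {
	fw := bytes.Replace(pkg.Firmware, []byte("v1.0"), []byte("v1.X"), 1)
	sum := md5.Sum(fw)
	return UpdatePackage{fw, hex.EncodeToString(sum[:]), pkg.Signature}
}

// Demo returns the outcome of both checks on the original and the modified image.
func Demo() (origMD5, origSig, modMD5, modSig bool) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	orig := BuildPackage([]byte("GL-RM1 firmware v1.0 image"), priv)
	mod := ModifiedInTransit(orig)
	return VerifyByMD5(orig), VerifyBySignature(orig, pub), VerifyByMD5(mod), VerifyBySignature(mod, pub)
}
```

The untouched image passes both checks; the modified image still passes the MD5 check but fails the pinned-key signature check.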

Impact

Exploitation of this vulnerability allows installation of malicious firmware that could be used to compromise the KVM device. A compromised KVM gives attackers physical-like access to every connected machine, enabling them to control those systems through keyboard and mouse emulation, access BIOS settings, and boot from removable media to bypass OS-level security controls.

Remediation

GL-iNet has no planned fix for this vulnerability.

Added: Mar 17, 2026, 6:26 PM
Updated: Mar 17, 2026, 6:26 PM

Vulnerability Rating (Custom Algorithm)

spread: 0.0
impact: 7.5
exploitability: 7.1
remediation: 0.0
relevance: 4.0
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.