GL-iNet Comet KVM Unauthenticated Root Access via UART Serial Console
Vulnerability
A vulnerability in the GL-iNet Comet KVM (GL-RM1) allows unauthenticated root access through the UART serial console. Exploitation requires physical access to the device to connect to the UART pins, and it bypasses all network-based authentication controls. Once connected, the UART interface provides a root shell, enabling full control over the device.
Impact
Exploitation of this vulnerability grants root-level access to the KVM device via the UART interface, allowing an attacker to control the device as if they were physically present. This access can be used to manipulate the KVM's behavior, such as injecting keystrokes or booting from removable media to access connected systems at a low level.
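A check a firmware maintainer could run against an extracted root filesystem to catch this class of issue before release, added here as an example (it is not GL-iNet's code). It assumes a BusyBox-style /etc/inittab, which the advisory does not say the GL-RM1 uses, and the sample entries are constructed.

```python
# Constructed sample in BusyBox inittab format (<id>:<runlevels>:<action>:<process>).
# It is NOT taken from GL-RM1 firmware; the format itself is an assumption.
SAMPLE_INITTAB = """\
::sysinit:/etc/init.d/rcS
# serial console entries
ttyS0::respawn:-/bin/sh
ttyS1::askfirst:/sbin/getty -n -l /bin/sh 115200 ttyS1
ttyS2::respawn:/sbin/getty -L 115200 ttyS2 vt100
::ctrlaltdel:/sbin/reboot
"""

SHELLS = {"sh", "ash", "bash", "dash"}
INTERACTIVE = {"respawn", "askfirst"}  # actions that keep a program on the tty


def is_shell(path):
    # A leading "-" asks init for a login shell; it does not authenticate anyone.
    return path.lstrip("-").rsplit("/", 1)[-1] in SHELLS


def audit_inittab(text):
    """Return (line_no, tty, reason) for console entries that skip login."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(":", 3)
        if len(parts) != 4 or parts[2] not in INTERACTIVE:
            continue
        tty = parts[0] or "console"  # empty id means the system console
        argv = parts[3].split()
        if not argv:
            continue
        if is_shell(argv[0]):
            findings.append((no, tty, "shell spawned without login"))
        elif argv[0].rsplit("/", 1)[-1] in ("getty", "agetty"):
            # getty's -l PROGRAM replaces /bin/login; a shell there means no password.
            for flag, arg in zip(argv, argv[1:]):
                if flag == "-l" and is_shell(arg):
                    findings.append((no, tty, "getty login program is a shell"))
    return findings


if __name__ == "__main__":
    for no, tty, reason in audit_inittab(SAMPLE_INITTAB):
        print(f"inittab line {no}: {tty}: {reason}")
```

An entry that runs getty with the default login program, like the ttyS2 line in the sample, is not flagged because the console then prompts for credentials.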
