GL-iNet Comet KVM Insecure Initial Provisioning via Unauthenticated Cloud Connection

Vulnerability

A vulnerability exists in the GL-iNet Comet KVM (GL-RM1) due to improper validation of certificates during the initial provisioning process. When the device boots, it connects to a GL-iNet cloud service to retrieve its client and CA certificates. However, the GL-RM1 does not verify the authenticity of these certificates, leaving the retrieval exposed to man-in-the-middle attacks. An attacker who intercepts the connection could supply invalid certificates, which the device would accept without validation. As a result, the KVM fails to authenticate to the legitimate GL-iNet cloud service, disrupting its functionality.
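
As an added illustration (not code from GL-iNet or from this advisory), the two provisioning patterns side by side: the vulnerable one installs whatever the cloud endpoint returns, while the hardened one refuses any bundle whose CA does not match a SHA-256 fingerprint pin shipped in the firmware image. It assumes the provisioning response is a PEM bundle and uses constructed placeholder bytes in place of real certificates; a real device would additionally verify the TLS channel used for the fetch against the same pinned root, which is not shown here.

```python
import base64
import hashlib
import hmac
import re

PEM_RE = re.compile(rb"-----BEGIN CERTIFICATE-----\s*(.*?)\s*-----END CERTIFICATE-----", re.S)

def pem_to_der(bundle_pem: bytes) -> list[bytes]:
    """Split a PEM bundle into DER blobs, one per certificate."""
    return [base64.b64decode(b"".join(m.split())) for m in PEM_RE.findall(bundle_pem)]

def fingerprint(der: bytes) -> str:
    """Hex SHA-256 fingerprint of a DER-encoded certificate."""
    return hashlib.sha256(der).hexdigest()

def provision_insecure(bundle_pem: bytes) -> list[bytes]:
    """Vulnerable pattern: whatever the cloud endpoint returns is installed as-is."""
    return pem_to_der(bundle_pem)

def provision_pinned(bundle_pem: bytes, pinned_ca_fingerprints: set[str]) -> list[bytes]:
    """Hardened pattern: install the bundle only if it carries a CA whose
    fingerprint matches a pin baked into the firmware image."""
    certs = pem_to_der(bundle_pem)
    if not certs:
        raise ValueError("provisioning bundle contained no certificates")
    for der in certs:
        fp = fingerprint(der)
        if any(hmac.compare_digest(fp, pin) for pin in pinned_ca_fingerprints):
            return certs
    raise ValueError("no certificate matches a pinned CA; refusing to provision")

def bundle_accepted(bundle_pem: bytes, pinned_ca_fingerprints: set[str]) -> bool:
    """True if the hardened path would install this bundle."""
    try:
        provision_pinned(bundle_pem, pinned_ca_fingerprints)
        return True
    except ValueError:
        return False

# Constructed sample data, not real certificates: placeholder bytes in a PEM
# envelope so the parser and the pin check have something to work on.
def _pem(der: bytes) -> bytes:
    return b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(der) + b"-----END CERTIFICATE-----\n"

GENUINE_CA_DER = b"constructed: vendor root CA shipped in firmware"
ROGUE_CA_DER = b"constructed: attacker-supplied root CA"
PINNED_CA_FINGERPRINTS = {fingerprint(GENUINE_CA_DER)}  # hypothetical firmware pin set
GENUINE_BUNDLE = _pem(b"constructed: device client cert") + _pem(GENUINE_CA_DER)
ROGUE_BUNDLE = _pem(b"constructed: device client cert") + _pem(ROGUE_CA_DER)
```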

Impact

Exploitation of this vulnerability results in a persistent denial-of-service condition: the KVM can no longer connect to the legitimate cloud service, and the chain of trust is broken because the device has accepted fraudulent certificates.

Remediation

This vulnerability has been fixed in GL-iNet Comet KVM version 1.8.1 BETA.

Added: Mar 17, 2026, 6:23 PM
Updated: Mar 17, 2026, 6:23 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 3.1
exploitability: 7.2
remediation: 0.0
relevance: 4.0
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.