Factory Reset Authentication Issues in GL.iNet Devices
CVE-2026-5959

7.5HIGH

Key Information:

Vendor: Gl.inet
Status: Gl-rm1; Gl-rm10; Gl-rm10rc; Gl-rm1pe
Vendor: CVE Published:; 9 April 2026

What is CVE-2026-5959?

A security flaw has been identified in various GL.iNet devices, specifically related to the Factory Reset Handler. This vulnerability allows for improper authentication mechanisms which can be exploited remotely. While the potential for exploitation is present, the complexity of executing such an attack remains high. To mitigate this risk, users are strongly advised to upgrade to version 1.8.2, which resolves the identified issue. GL.iNet has responded swiftly to the concern, providing a secure fix for affected users.

Affected Version(s)

GL-RM1 1.8.1

GL-RM10 1.8.1

GL-RM10RC 1.8.1

References

https://vuldb.com/vuln/356512

vdb-entry

https://vuldb.com/vuln/356512/cti

signaturepermissions-required

https://vuldb.com/submit/786688

third-party-advisory

CVSS V4

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 9, 2026
Vulnerability Reserved
Apr 9, 2026

Credit

GLiNet (VulDB User)

VulDB CNA Team

CVE-2026-5959 Data

JSON

Gl.inet

What is CVE-2026-5959?

Affected Version(s)

References

CVSS V4

Timeline

Credit