A security flaw has been discovered in GL.iNet GL-RM1, GL-RM10, GL-RM10RC and GL-RM1PE 1.8.1. Affected by this issue is some unknown functionality of the component Factory Reset Handler. Performing a manipulation results in improper authentication. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. Upgrading to version 1.8.2 can resolve this issue. It is advisable to upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.
A factory reset handler vulnerability in GL.iNet GL-RM1/GL-RM10 routers (v1.8.1) allows improper authentication through remote manipulation. The flaw requires high attack complexity but can be exploited to bypass authentication mechanisms.
تؤثر هذه الثغرة على معالج إعادة التعيين في أجهزة التوجيه GL.iNet من الإصدار 1.8.1. يمكن للمهاجمين البعيدين التلاعب بالمكون لتجاوز آليات المصادقة. الترقية إلى الإصدار 1.8.2 تحل المشكلة بشكل كامل.
A factory reset handler vulnerability in GL.iNet GL-RM1/GL-RM10 routers (v1.8.1) allows improper authentication through remote manipulation. The flaw requires high attack complexity but can be exploited to bypass authentication mechanisms.
Upgrade GL.iNet GL-RM1, GL-RM10, GL-RM10RC, and GL-RM1PE devices to firmware version 1.8.2 or later immediately. Disable remote factory reset functionality if available. Implement network segmentation to restrict access to router management interfaces. Monitor for suspicious factory reset attempts in logs.
قم بترقية أجهزة GL.iNet إلى الإصدار 1.8.2 أو أحدث فوراً. عطّل وظيفة إعادة التعيين البعيدة إن أمكن. طبّق تقسيم الشبكة لتقييد الوصول إلى واجهات إدارة الموجه. راقب محاولات إعادة التعيين المريبة في السجلات.