


Perceptive Security
SOC/SIEM Consultancy

Sipeed NanoKVM before 2.3.1 exposes a Wi-Fi configuration endpoint without proper security checks, allowing an unauthenticated attacker with network access to c…
Published: 16 March 2026 at 23:00:00
Alert date: 17 March 2026 at 19:03:08
Source: nvd.nist.gov
Mobile & IoT, Network Infrastructure, Critical Infrastructure
Sipeed NanoKVM devices before version 2.3.1 contain a critical vulnerability in their Wi-Fi configuration endpoint, which lacks proper authentication and security controls. An unauthenticated attacker with network access can exploit this flaw to modify the device's Wi-Fi network configuration, potentially redirecting the device to an attacker-controlled network. An attacker can also craft malicious requests that exhaust system memory and cause a denial of service by terminating the KVM process. The vulnerability affects KVM-over-IP devices, which are commonly used for remote server management, making it particularly dangerous for infrastructure security.
Technical details
Affected products:
Sipeed NanoKVM
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2026-32296
https://eclypsium.com/blog/kvm-devices-the-keys-to-your-kingdom-are-hanging-on-the-network/
https://github.com/sipeed/NanoKVM/blob/main/CHANGELOG.md#231-2025-12-26
https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-26-076-01.json
https://www.cve.org/CVERecord?id=CVE-2026-32296
This article was created with the assistance of AI technology by Perceptive.
