9 Critical IP KVM Flaws Enable Unauthenticated Root Access Across Four Vendors

Published:

18 maart 2026 om 11:42:00

Alert date:

18 maart 2026 om 13:01:37

Source:

thehackernews.com

Mobile & IoT, Network Infrastructure, Zero-Day Vulnerabilities, Critical Infrastructure

Security researchers from Eclypsium discovered nine critical vulnerabilities in low-cost IP KVM (Keyboard, Video, Mouse over Internet Protocol) devices from four different vendors. The flaws affect GL-iNet Comet RM-1, Angeet/Yeeso ES3 KVM, Sipeed NanoKVM, and JetKVM products. The most severe vulnerabilities allow unauthenticated root access, giving attackers extensive control over compromised hosts. These IP KVM devices are commonly used for remote server management, making the vulnerabilities particularly concerning for enterprise environments.

Technical details

Nine vulnerabilities discovered by Eclypsium across four different IP KVM products. Issues include missing firmware signature validation, no brute-force protection, broken access controls, and exposed debug interfaces. Successful exploitation allows unauthenticated root access, arbitrary code execution, keystroke injection, booting from removable media to bypass disk encryption or Secure Boot protections, circumventing lock screens, and remaining undetected by OS-level security software. Vulnerabilities provide BIOS/UEFI level access to target machines.

Mitigation steps:

Enforce multi-factor authentication (MFA) where supported, isolate KVM devices on a dedicated management VLAN, restrict internet access, use tools like Shodan to check for external exposure, monitor for unexpected network traffic to/from the devices, and keep the firmware up-to-date

Affected products:

GL-iNet Comet RM-1
Angeet/Yeeso ES3 KVM
Sipeed NanoKVM (fixed in version 2.3.1)
Sipeed NanoKVM Pro (fixed in version 1.2.4)
JetKVM (fixed in version 0.5.4)
ATEN International switches
PiKVM
TinyPilot