9 Critical IP KVM Flaws Enable Unauthenticated Root Access Across Four Vendors
Summary
Nine critical vulnerabilities have been discovered in low-cost IP KVM devices from four vendors: the GL-iNet Comet RM-1, Angeet/Yeeso ES3 KVM, Sipeed NanoKVM, and JetKVM. The most severe flaws allow unauthenticated attackers to gain root-level access to connected systems.
IFF Assessment
FOE
These vulnerabilities grant attackers deep access to systems, making it easier for them to compromise networks and steal data.
Severity
9.8 Critical (AI Estimated)
Defender Context
Defenders should be aware of the risks associated with unmanaged or low-cost IP KVM devices, as they can present significant attack vectors. Organizations should inventory and assess the security of such devices, prioritizing patching or replacement where possible.