Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

IP KVM devices unauthenticated root access and command execution flaws (multiple vulnerabilities)

Vulnerability
First reported
Last updated
Happening score
H score 24
1 unique sources, 1 articles

Summary

Hide ▲

Nine IP KVM vulnerabilities across GL-iNet Comet RM-1, Angeet/Yeeso ES3 KVM, Sipeed NanoKVM, and JetKVM can expose attached hosts to root access and command execution through the management device. The flaws include missing firmware signature validation, broken access controls, exposed debug interfaces, and weak update and brute-force protections. Because IP KVM hardware operates at the BIOS/UEFI layer, exploitation can bypass local security controls and enable covert takeover of connected systems. Several issues have fixes or planned fixes, while the most severe Angeet ES3 KVM bugs remain without a fix.

Related Happenings

Linux kernel AppArmor confused deputy vulnerabilities CrackArmor security flaw

Vulnerability
First: 13.03.2026 10:18 Last: 13.03.2026 10:18 Sources 1

About this happening: Researchers disclosed **CrackArmor**, nine **confused deputy** flaws in the **Linux kernel's AppArmor module** that can let **unprivileged users** bypass protections, gain **root*...

Open Happening

Framework UEFI Secure Boot bypass mitigation guidance

Advisory/Mitigation
First: 14.10.2025 16:22 Last: 14.10.2025 16:22 Sources 1

About this happening: Framework advised impacted Linux users to install **available security updates** and use a **BIOS DB-key workaround** to limit **Secure Boot bypass** risk across about **200,000 s...

Open Happening

WireTap memory-bus interposer analysis breaks Intel SGX attestation on DDR4 systems

Technical Analysis
First: 01.10.2025 20:20 Last: 01.10.2025 20:20 Sources 1

About this happening: Researchers demonstrated **WireTap**, a **memory-bus interposer** attack that can extract **Intel SGX attestation keys** on **DDR4 systems**, undermining enclave confidentiality a...

Open Happening

Howyar Reloader UEFI application Secure Boot bypass flaw (CVE-2024-7344)

Vulnerability
First: 12.09.2025 14:50 Last: 12.09.2025 14:50 Sources 1

About this happening: **HybridPetya** is a newly disclosed **ransomware/bootkit** strain that exploits **CVE-2024-7344** in the **Howyar Reloader UEFI application** to bypass **UEFI Secure Boot** on **...

Open Happening

Timeline

  1. 18.03.2026 13:42 2 articles · 2mo ago

    Eclypsium discloses nine IP KVM vulnerabilities across four vendors

    Initial Disclosure

    Eclypsium discloses nine vulnerabilities across GL-iNet Comet RM-1, Angeet/Yeeso ES3 KVM, Sipeed NanoKVM, and JetKVM, including CVE-2026-32290, CVE-2026-32291, CVE-2026-32292, CVE-2026-32293, CVE-2026-32294, CVE-2026-32295, CVE-2026-32296, CVE-2026-32297, and CVE-2026-32298. The flaws include missing firmware signature validation, insufficient brute-force protection, insecure initial provisioning via unauthenticated cloud connection, insufficient update verification, insufficient rate limiting, configuration endpoint exposure, missing authentication for a critical function, and OS command injection, and they can enable unauthenticated root access, arbitrary code execution, keystroke injection, and bypass of disk encryption or Secure Boot on connected hosts; fixes are planned or already available for several products, while the two Angeet ES3 KVM issues have no fix available.

    Show sources
    Open in new tab