Unauthenticated Root Access Flaws Disclosed in Multiple IP KVM Vendors
Summary
Nine vulnerabilities across IP KVM devices from four vendors enable unauthenticated attackers to gain root access, execute arbitrary code, or bypass security controls, posing critical risks to connected systems. The flaws span GL-iNet Comet RM-1, Angeet/Yeeso ES3 KVM, Sipeed NanoKVM, and JetKVM, with the most severe allowing unauthenticated root access or arbitrary code execution. Exploitation can undermine Secure Boot, disk encryption, and operating system-level security measures, granting persistent, undetected access to compromised hosts. Researchers highlight systemic issues including missing firmware signature validation, absent authentication, and exposed debug interfaces as recurring themes.
Timeline
- 18.03.2026 13:42 · 1 article
  Critical IP KVM Flaws Enable Unauthenticated Root Access and Persistent Compromise
Nine vulnerabilities across IP KVM devices from GL-iNet, Angeet/Yeeso, Sipeed, and JetKVM allow unauthenticated attackers to gain root access, execute arbitrary code, and bypass security controls. Exploitation can undermine Secure Boot, disk encryption, and OS-level protections, enabling persistent, undetected access to compromised hosts. Flaws include missing firmware signature validation, absent authentication mechanisms, and exposed debug interfaces, with some vendors (e.g., Angeet ES3 KVM) remaining unpatched. Mitigations include MFA enforcement, network isolation, firmware updates, and monitoring for unexpected device traffic.
Sources:
- 9 Critical IP KVM Flaws Enable Unauthenticated Root Access Across Four Vendors — thehackernews.com — 18.03.2026 13:42
Information Snippets
- Nine vulnerabilities (CVE-2026-32290 to CVE-2026-32298) disclosed across IP KVM devices from GL-iNet, Angeet/Yeeso, Sipeed, and JetKVM.
  First reported: 18.03.2026 13:42 · 1 source, 1 article
- Most severe flaws (e.g., CVE-2026-32297, CVSS 9.8; CVE-2026-32298, CVSS 8.8) enable unauthenticated arbitrary code execution and root access.
  First reported: 18.03.2026 13:42 · 1 source, 1 article
- Flaws allow adversaries to inject keystrokes, boot from removable media to bypass Secure Boot/disk encryption, and circumvent lock screens.
  First reported: 18.03.2026 13:42 · 1 source, 1 article
- Systemic issues include missing firmware signature validation, no brute-force protection, broken access controls, and exposed debug interfaces.
  First reported: 18.03.2026 13:42 · 1 source, 1 article
- Some affected devices lack fixes: Angeet ES3 KVM remains vulnerable to CVE-2026-32297 and CVE-2026-32298; GL-iNet Comet KVM has planned fixes pending for two CVEs.
  First reported: 18.03.2026 13:42 · 1 source, 1 article
- JetKVM devices fixed in version 0.5.4; Sipeed NanoKVM fixed in versions 2.3.1 (standard) and 1.2.4 (Pro); GL-iNet Comet KVM fixed in version 1.8.1 BETA for two CVEs.
  First reported: 18.03.2026 13:42 · 1 source, 1 article
- Prior disclosures in 2025 (e.g., ATEN International switches) highlight recurring risks in IP KVM devices.
  First reported: 18.03.2026 13:42 · 1 source, 1 article