9 Critical IP KVM Flaws Enable Unauthenticated Root Access Across Four Vendors
好的,我现在需要帮用户总结一篇文章的内容,控制在100字以内,而且不需要特定的开头。首先,我得仔细阅读文章,抓住主要信息。 文章主要讲的是网络安全研究人员发现了一些低价IP KVM设备的漏洞。这些设备可以让攻击者获得对主机的广泛控制权。Eclypsium发现了九个漏洞,涉及四个产品:GL-iNet Comet RM-1、Angeet/Yeeso ES3 KVM、Sipeed NanoKVM和JetKVM。其中最严重的漏洞允许未经身份验证的攻击者获得root权限或执行恶意代码。 文章还提到这些漏洞包括固件签名验证缺失、无暴力破解保护、访问控制问题以及调试接口暴露。攻击者可以利用这些漏洞进行各种恶意活动,比如注入按键、绕过加密保护等,并且不易被检测到。 此外,文章指出这类设备以前也出现过类似问题,建议采取多因素认证、隔离设备、限制网络访问等措施来缓解风险。 总结的时候,我需要涵盖低价IP KVM设备的漏洞数量、涉及的产品、严重性以及可能的影响。同时要简洁明了,不超过100字。 </think> 研究人员发现低价IP KVM设备存在九个漏洞,影响GL-iNet Comet RM-1等四款产品。最严重漏洞允许攻击者无需身份验证即可获取root权限或执行恶意代码。这些问题包括固件签名验证缺失、暴力破解防护不足等。成功利用这些漏洞可能导致系统被接管,削弱安全控制措施。 2026-3-18 11:42:0 Author: thehackernews.com(查看原文) 阅读量:9 收藏

Network Security / Vulnerability

Cybersecurity researchers have warned about the risks posed by low-cost IP KVM (Keyboard, Video, Mouse over Internet Protocol) devices, which can grant attackers extensive control over compromised hosts.

The nine vulnerabilities, discovered by Eclypsium, span four different products from GL-iNet Comet RM-1, Angeet/Yeeso ES3 KVM, Sipeed NanoKVM, and JetKVM. The most severe of them allow unauthenticated actors to gain root access or run malicious code.

"The common themes are damning: missing firmware signature validation, no brute-force protection, broken access controls, and exposed debug interfaces," researchers Paul Asadoorian and Reynaldo Vasquez Garcia said in an analysis.

With IP KVM devices enabling remote access to the target machine's keyboard, video output, and mouse input at the BIOS/UEFI level, successful exploitation of vulnerabilities in these products can expose systems to potential takeover risks, undermining security controls put in place. The list of shortcomings is as follows -

  • CVE-2026-32290 (CVSS score: 4.2) - An insufficient verification of firmware authenticity in GL-iNet Comet KVM (Fix being planned)
  • CVE-2026-32291 (CVSS score: 7.6) - A Universal Asynchronous Receiver-Transmitter (UART) root access vulnerability in GL-iNet Comet KVM (Fix being planned)
  • CVE-2026-32292 (CVSS score: 5.3) - An insufficient brute-force protection vulnerability in GL-iNet Comet KVM (Fixed in version 1.8.1 BETA)
  • CVE-2026-32293 (CVSS score: 3.1) - An insecure initial provisioning via unauthenticated cloud connection vulnerability in GL-iNet Comet KVM (Fixed in version 1.8.1 BETA)
  • CVE-2026-32294 (CVSS score: 6.7) - An insufficient update verification vulnerability in JetKVM (Fixed in version 0.5.4)
  • CVE-2026-32295 (CVSS score: 7.3) - An insufficient rate limiting vulnerability in JetKVM (Fixed in version 0.5.4)
  • CVE-2026-32296 (CVSS score: 5.4) - A configuration endpoint exposure vulnerability in Sipeed NanoKVM (Fixed in NanoKVM version 2.3.1 and NanoKVM Pro version 1.2.4)
  • CVE-2026-32297 (CVSS score: 9.8) - A missing authentication for a critical function vulnerability in Angeet ES3 KVM leading to arbitrary code execution (No fix available)
  • CVE-2026-32298 (CVSS score: 8.8) - An operating system command injection vulnerability in Angeet ES3 KVM leading to arbitrary command execution (No fix available)

"These are not exotic zero-days requiring months of reverse engineering," the researchers noted. "These are fundamental security controls that any networked device should implement. Input validation. Authentication. Cryptographic verification. Rate limiting. We are looking at the same class of failures that plagued early IoT devices a decade ago, but now on a device class that provides the equivalent of physical access to everything it connects to."

An adversary can weaponize these issues to inject keystrokes, boot from removable media to bypass disk encryption or Secure Boot protections, circumvent lock screens and access systems, and, more importantly, remain undetected by security software installed at the operating system level.

This is not the first time vulnerabilities have been disclosed in IP KVM devices. In July 2025, Russian cybersecurity vendor Positive Technologies flagged five flaws in ATEN International switches (CVE-2025-3710, CVE-2025-3711, CVE-2025-3712, CVE-2025-3713, and CVE-2025-3714) that could pave the way for denial-of-service or remote code execution.

What's more, such IP KVM switches like PiKVM or TinyPilot have been put to use by North Korean IT workers residing in countries like China to remotely connect to company-issued laptops hosted on laptop farms.

As mitigations, it's recommended to enforce multi-factor authentication (MFA) where supported, isolate KVM devices on a dedicated management VLAN, restrict internet access, use tools like Shodan to check for external exposure, monitor for unexpected network traffic to/from the devices, and keep the firmware up-to-date.

"A compromised KVM is not like a compromised IoT device sitting on your network. It is a direct, silent channel to every machine it controls," Eclypsium said. "An attacker who compromises the KVM can hide tools and backdoors on the device itself, consistently re-infecting host systems even after remediation."

"Since some firmware updates lack signature verification on most of these devices, a supply-chain attacker could tamper with the firmware at distribution time and have it persist indefinitely."

Found this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post.


文章来源: https://thehackernews.com/2026/03/9-critical-ip-kvm-flaws-enable.html
如有侵权请联系:admin#unsafe.sh