cybersecurity researchers have disclosed nine Critical vulnerabilities in low-cost IP-based KVM (Keyboard, Video, Mouse) devices from four different vendors. The flaws, discovered by the firm Eclypsium, enable attackers to gain unauthenticated root access, potentially granting them extensive control over the servers and workstations connected to these devices. The disclosure was made public this week, highlighting significant risks to data center and remote management security.

Affected Devices and Vendor Details

The security weaknesses span products from several manufacturers. The affected devices include the GL-iNet Comet RM-1, models sold under the Angeet and Yeeso brands as the ES3 KVM, the Sipeed NanoKVM, and the JetKVM. These hardware devices are used to remotely control multiple computers over a network, a common practice in data centers, IT labs, and for managing servers.

Researchers identified that the most severe vulnerabilities allow an attacker to bypass authentication entirely. This would let a remote, unauthenticated user execute commands with the highest level of privileges, known as root access, on the KVM device itself. From this position, an attacker could then manipulate the video stream, inject keystrokes, or control the mouse of any connected computer.

Nature of the Security Weaknesses

The nine flaws encompass a range of issues that collectively create a severe threat. Several vulnerabilities involve improper authentication, where the devices fail to adequately verify a user’s identity before granting access to administrative functions. Others include command injection flaws, where specially crafted network requests can trick the device into running arbitrary commands.

Further issues involve the use of hard-coded cryptographic keys and credentials. These static keys, which are identical across many devices, could be used to decrypt device traffic or gain unauthorized entry. The research indicates that these problems stem from shared underlying firmware and design patterns common among cost-sensitive hardware manufacturers.

Implications for Organizational Security

The compromise of an IP KVM switch presents a grave risk because it sits at a critical junction in a network. These devices often have unrestricted access to the core systems they manage. A successful attacker could leverage this access to steal data, deploy ransomware, or maintain a persistent, hidden foothold within an organization’s infrastructure.

Security experts note that such devices are frequently installed and then forgotten, operating with outdated firmware and without routine security monitoring. Their network presence can be overlooked by standard security scans, making them a attractive target for advanced persistent threat groups seeking a stealthy entry point.

Response and Mitigation Steps

Eclypsium reported its findings to the respective vendors through coordinated disclosure channels prior to public release. As of the publication date, some vendors have begun releasing patches and firmware updates to address the specific vulnerabilities. Users of GL-iNet, Angeet, Yeeso, Sipeed, and JetKVM products are urged to immediately check the manufacturers’ official security advisories and support pages.

The primary mitigation is to apply all available firmware updates provided by the vendor. If a patch is not yet available, organizations are advised to isolate the KVM devices on a dedicated, tightly controlled network segment. They should also ensure strong, unique passwords are in use and disable any remote administrative features that are not strictly necessary for operation.

Looking Ahead

Security analysts expect further scrutiny on the supply chain and security practices of manufacturers producing low-cost network hardware. The industry-wide response to these vulnerabilities will be monitored to assess the effectiveness of the patching process. Researchers anticipate that detailed technical information regarding the exploitation of these flaws may become public in the coming weeks, increasing the urgency for organizations to apply fixes.

Source: Eclypsium Research Disclosure