Security researchers are warning that a range of low-cost IP KVM (keyboard-video-mouse over IP) devices contain vulnerabilities severe enough to enable takeover of connected machines — including unauthenticated root access on certain models.

The Hacker News reports that Eclypsium uncovered nine vulnerabilities affecting devices from GL-iNet (Comet RM-1), Angeet/Yeeso (ES3 KVM), Sipeed (NanoKVM), and JetKVM. Multiple issues relate to missing firmware signature validation, weak or absent brute-force protections, broken access controls, and exposed debug interfaces.

Why IP KVM vulnerabilities are especially dangerous

IP KVMs can provide keyboard and mouse control at the BIOS/UEFI level, meaning attackers may:

- Inject keystrokes, alter boot settings, or boot from removable media

- Bypass OS-level defenses and potentially evade endpoint security

- Persist by compromising the KVM device itself (and use it to repeatedly re-infect connected hosts)

Notable CVEs mentioned

- CVE-2026-32297 (CVSS 9.8): missing authentication for a critical function on Angeet ES3 KVM (no fix listed)

- CVE-2026-32298 (CVSS 8.8): OS command injection on Angeet ES3 KVM (no fix listed)

- Additional CVEs include JetKVM verification/rate-limiting issues and GL-iNet provisioning/brute-force gaps.

Mitigation guidance (practical steps)

1) Isolate KVM devices on a dedicated management VLAN.

2) Restrict inbound access; avoid exposing management interfaces to the public Internet.

3) Enforce MFA where supported and change default credentials.

4) Keep firmware updated; validate vendor patch notes and apply fixed versions.

5) Monitor for unusual traffic patterns to/from KVM devices.
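One way to operationalize steps 1, 2 and 5 as a log check over flow records, written as an added example that is not from the article or any KVM vendor; the management subnet, KVM inventory, egress allowlist and flow records are all constructed:

```python
"""Flag IP KVM traffic that violates a management-VLAN policy.

Added example, not from the article or any vendor. Given flow records
(constructed below) it reports three defender-relevant conditions:
  1. inbound sessions to a KVM from outside the management VLAN,
  2. KVM-initiated sessions to destinations not on the egress allowlist,
  3. bursts of connection attempts to a KVM web port from one source
     (a signal worth watching on devices with weak brute-force protection).
All addresses, ports and records are hypothetical.
"""
from collections import Counter
from ipaddress import ip_address, ip_network

MGMT_VLAN = ip_network("10.50.0.0/24")    # assumed management VLAN
KVM_HOSTS = {"10.50.0.21", "10.50.0.22"}  # assumed KVM inventory
EGRESS_ALLOW = {"10.50.0.1"}              # assumed: only the local NTP/gateway host
WEB_PORTS = {80, 443}
BURST_THRESHOLD = 5  # attempts from one source within the log window

# Constructed flow records: (src_ip, dst_ip, dst_port)
FLOWS = [
    ("10.50.0.5", "10.50.0.21", 443),     # admin on mgmt VLAN: expected
    ("192.168.1.40", "10.50.0.21", 443),  # office LAN reaching a KVM: violation
    ("10.50.0.22", "10.50.0.1", 123),     # KVM -> allowed NTP host: expected
    ("10.50.0.22", "203.0.113.9", 443),   # KVM -> unknown external host: violation
] + [("198.51.100.7", "10.50.0.22", 80)] * 6  # repeated hits on a web port: burst

def audit_flows(flows, kvm_hosts=KVM_HOSTS, mgmt=MGMT_VLAN, egress_allow=EGRESS_ALLOW):
    """Return a list of (finding, src, dst, detail) tuples; empty when policy holds."""
    findings, seen, attempts = [], set(), Counter()
    for src, dst, dport in flows:
        if dst in kvm_hosts:
            # Report each out-of-VLAN (src, dst, port) once, however many flows repeat it
            if ip_address(src) not in mgmt and (src, dst, dport) not in seen:
                seen.add((src, dst, dport))
                findings.append(("inbound_outside_mgmt", src, dst, dport))
            if dport in WEB_PORTS:
                attempts[(src, dst)] += 1
        if src in kvm_hosts and dst not in egress_allow:
            findings.append(("kvm_egress_not_allowed", src, dst, dport))
    for (src, dst), n in attempts.items():
        if n >= BURST_THRESHOLD:
            findings.append(("web_port_burst", src, dst, n))
    return findings

if __name__ == "__main__":
    for finding in audit_flows(FLOWS):
        print(*finding)
```

Feed it real flow exports (NetFlow/IPFIX or firewall logs reduced to source, destination and port) after substituting your own management subnet and device inventory.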

Draft angle for Kicukiro Tech: As remote management hardware becomes popular with homelabs and small businesses, IP KVM devices are turning into high-impact targets — and should be treated like critical infrastructure, not “cheap accessories.”