RESEARCHERS disclosed nine vulnerabilities in IP KVMs from four manufacturers, potentially exposing BIOS/UEFI-level access to unauthorised users. The low-cost devices, typically selling for $30 to $100, are used to remotely access machines and, when Internet-exposed or poorly secured, can undermine network security with or without insider involvement.
As of the report, some flaws affecting Angeet/Yeeso products remain unpatched, while flaws in GL-iNet, AnGeet/Yeeso, Sipeed NanoKVM, JetKVM and other products have received fixes, including CVE-2026-32296 to CVE-2026-32299. As noted by Eclypsium, these are not exotic zero-days but fundamental security gaps such as inadequate input validation, authentication, and brute-force protection, resembling issues seen in early IoT devices.
According to Eclypsium, the affected devices can grant unauthenticated root access or enable remote code execution, reinforcing the call for administrators to scan for IP KVMs and harden them with strong passwords and VPNs. HD Moore’s Internet scan found a little more than 1,300 such devices, underscoring the ongoing risk to networks, with some vendors still issuing fixes as of 17 March 2026.