Security researchers from Eclypsium have disclosed nine vulnerabilities in IP KVMs from four manufacturers that allow unauthenticated attackers to gain root access or execute malicious code. The flaws stem from fundamental security failures such as poor input validation and a lack of authentication, similar to the issues seen in early IoT devices. Because the devices provide BIOS/UEFI-level remote access, they are high-risk if compromised.
Background
IP KVMs are low-cost devices used by administrators for remote machine access at the BIOS/UEFI level, providing deep network control. They have become common in IT infrastructure but often lack robust security measures.
- Source: Ars Technica
- Published: Mar 18, 2026 at 01:07 AM
- Score: 7.0 / 10