9 Critical IP KVM Flaws Enable Unauthenticated Root Access Across Four Vendors

The Hacker News

Overview

Cybersecurity researchers have identified nine significant vulnerabilities in low-cost IP KVM devices from four vendors, affecting the GL-iNet Comet RM-1, Angeet/Yeeso ES3 KVM, Sipeed NanoKVM, and JetKVM. These flaws can allow unauthorized users to gain root access, giving them extensive control over affected systems. The most critical vulnerabilities could enable attackers to execute commands and manipulate the devices without authentication. This poses a serious risk, especially for organizations that rely on these devices for remote management of their IT infrastructure. Users of these products are urged to take immediate action to secure their systems and monitor for any suspicious activity.

Key Takeaways

  • Affected Systems: GL-iNet Comet RM-1, Angeet/Yeeso ES3 KVM, Sipeed NanoKVM, JetKVM
  • Action Required: Users should immediately update their devices to the latest firmware provided by the respective vendors and implement strong access controls to mitigate unauthorized access risks.
  • Timeline: Newly disclosed

Original Article Summary

Cybersecurity researchers have warned about the risks posed by low-cost IP KVM (Keyboard, Video, Mouse over Internet Protocol) devices, which can grant attackers extensive control over compromised hosts. The nine vulnerabilities, discovered by Eclypsium, span four different products: GL-iNet Comet RM-1, Angeet/Yeeso ES3 KVM, Sipeed NanoKVM, and JetKVM. The most severe of them allow

Impact

GL-iNet Comet RM-1, Angeet/Yeeso ES3 KVM, Sipeed NanoKVM, JetKVM

Exploitation Status

The exploitation status is currently unknown. Monitor vendor advisories and security bulletins for updates.

Timeline

Newly disclosed

Remediation

Users should immediately update their devices to the latest firmware provided by the respective vendors and implement strong access controls to mitigate unauthorized access risks.
