IP KVMs (keyboard, video and mouse over IP) are compact, cost-effective devices that admins use to remotely reach servers. When connected, they grant access at the BIOS/UEFI stage, a level of control that can translate into far-reaching power over a machine and, by extension, the network it supports.
Researchers disclosed nine vulnerabilities across IP KVMs from four manufacturers. The most serious flaws could let attackers gain root access or run malicious code even without authentication, underscoring the risk of devices that bypass normal host defenses.
These flaws are not exotic zero-days. Instead, Eclypsium describes them as fundamental security gaps—lapses in input validation, authentication, cryptographic verification, and rate limiting—that resemble early IoT flaws but now sit on devices that can provide physical-like access to connected systems.
The researchers note that some of the affected products have partial or no fixes yet, including certain Angeet/Yeeso IP KVM models, leaving networks exposed while other vendors implement patches or beta updates. The report stresses that a device granting BIOS-level access should not be trusted to that degree unless it is properly secured.
To mitigate risk, analysts urge network operators to scan for IP KVMs, enforce strong passwords, and route management traffic through trusted VPNs such as WireGuard or Tailscale. runZero and Eclypsium recommend continuous inventory of these devices and applying strong access controls to reduce the chance of compromise.
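The mitigations above (find every IP KVM, keep an inventory, and confine its management interface to a trusted network or VPN) can be turned into a repeatable check. The script below is an added example, not code from the article or from Eclypsium or runZero: it takes device records of the kind an inventory scan produces, recognises IP KVMs by product string, and flags any whose management interface is reachable from outside an assumed management range, still accepts vendor default credentials, or is not fronted by a VPN. The `Device` fields, the `10.99.0.0/24` management range, the banner keyword list (Angeet and Yeeso come from the article; the rest are placeholders) and all inventory records are constructed sample data.

```python
"""
Inventory audit for IP KVMs (added example; constructed data throughout).
Flags KVMs that violate the article's mitigations: management interface
reachable outside the trusted management network, default credentials
still in use, or no VPN in front of the interface.
"""
import ipaddress
from dataclasses import dataclass

# Assumed management network: only hosts here (or coming in through the VPN)
# should be able to reach a KVM's web/VNC/SSH management port.
MGMT_NETWORKS = [ipaddress.ip_network("10.99.0.0/24")]

# Product-name fragments used to recognise IP KVMs in scan banners.
# "angeet" and "yeeso" are vendors named in the article; the others are
# constructed placeholders, not real product identifiers.
KVM_BANNER_KEYWORDS = ("angeet", "yeeso", "ip-kvm", "kvm over ip", "example-kvm")


@dataclass
class Device:
    ip: str
    banner: str                  # product string as seen in an HTTP/SSH banner
    reachable_from: list[str]    # source networks that can reach the management port
    default_creds: bool          # True if the vendor default password still works
    via_vpn_only: bool           # True if the interface is exposed only through a VPN


def is_ip_kvm(device: Device) -> bool:
    """Classify a device as an IP KVM from its banner (keyword match)."""
    banner = device.banner.lower()
    return any(k in banner for k in KVM_BANNER_KEYWORDS)


def outside_mgmt(networks: list[str]) -> list[str]:
    """Return the source networks that are not inside a trusted management range."""
    bad = []
    for net in networks:
        n = ipaddress.ip_network(net, strict=False)
        if not any(n.subnet_of(m) for m in MGMT_NETWORKS):
            bad.append(net)
    return bad


def assess(device: Device) -> list[str]:
    """Findings for one device; an empty list means nothing to report."""
    if not is_ip_kvm(device):
        return []
    findings = []
    exposed = outside_mgmt(device.reachable_from)
    if exposed:
        findings.append("management-reachable-from:" + ",".join(exposed))
    if device.default_creds:
        findings.append("default-credentials")
    if not device.via_vpn_only:
        findings.append("no-vpn-in-front")
    return findings


def audit(inventory: list[Device]) -> dict[str, list[str]]:
    """Map IP -> findings for every IP KVM that has at least one finding."""
    report = {}
    for device in inventory:
        findings = assess(device)
        if findings:
            report[device.ip] = findings
    return report


# Constructed sample inventory (not real scan output).
SAMPLE_INVENTORY = [
    Device("10.99.0.12", "Angeet IP KVM web console", ["10.99.0.0/24"], False, True),
    Device("10.20.5.40", "Yeeso KVM over IP", ["10.20.0.0/16", "10.99.0.0/24"], True, False),
    Device("10.20.5.41", "nginx/1.24 app server", ["10.20.0.0/16"], False, False),
    Device("10.99.0.13", "example-kvm v2", ["10.99.0.0/24"], True, True),
]

if __name__ == "__main__":
    for ip, findings in audit(SAMPLE_INVENTORY).items():
        print(ip, "->", "; ".join(findings))
```

Run against the sample inventory, the KVM on the user LAN with default credentials and no VPN collects three findings, the KVM inside the management range with a changed-but-default password collects one, and the correctly placed KVM and the ordinary server produce none. Feeding real scan exports into `Device` records and running `audit` on a schedule gives the continuous inventory the analysts recommend.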