Reynaldo Vasquez Garcia

**Name of the Vulnerable Software and Affected Versions** GL-iNet Comet (GL-RM1) KVM versions prior to 1.8.2 **Description** The GL-iNet Comet (GL-RM1) KVM does not properly confirm the legitimacy of firmware files during upload. This allows an attacker positioned between the user and the update server, or one who has gained control of the update server, to alter the firmware and its MD5 hash, enabling the modified firmware to pass verification. **Recommendations** Update to version 1.8.2 or later.

**Name of the Vulnerable Software and Affected Versions** GL-iNet Comet (GL-RM1) KVM versions prior to 1.8.2 **Description** The GL-iNet Comet (GL-RM1) KVM does not require authentication on the UART serial console. Successful exploitation requires physical access to the device and connection to the UART pins. **Recommendations** Update to version 1.8.2 or later.

**Name of the Vulnerable Software and Affected Versions** GL-iNet Comet (GL-RM1) versions (affected versions not specified) **Description** The web interface for the KVM feature in GL-iNet Comet (GL-RM1) does not restrict the number of login attempts. This allows attackers to perform brute-force attacks to compromise user credentials. Reports indicate that the device, a KVM box, could serve as a network pivot point for attackers using tools like Hydra. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GL-iNet Comet (GL-RM1) KVM (affected versions not specified) **Description** The GL-iNet Comet (GL-RM1) KVM connects to a GL-iNet site during startup to obtain client and CA certificates. The device does not validate the certificates used during this connection, which allows a malicious actor positioned between the device and the GL-iNet site to provide invalid client and CA certificates. The GL-RM1 will attempt to utilize these invalid certificates, resulting in a failure to connect to the legitimate GL-iNet KVM cloud service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Sipeed NanoKVM versions prior to 2.3.1 **Description** Sipeed NanoKVM exposes a Wi-Fi configuration endpoint without appropriate security measures. An unauthenticated attacker with network access can modify the saved Wi-Fi network configuration to one of their choosing. Additionally, an attacker can create a request to deplete system memory and terminate the KVM process. The vulnerable endpoint is a Wi-Fi configuration endpoint. The `network` configuration can be altered by an attacker. **Recommendations** Update Sipeed NanoKVM to version 2.3.1 or later.

**Name of the Vulnerable Software and Affected Versions** Angeet ES3 KVM (affected versions not specified) **Description** The Angeet ES3 KVM allows a remote, unauthenticated attacker to write arbitrary files, including configuration files or system binaries. Modifying these files could allow an attacker to gain complete control of a vulnerable system. The vulnerability allows for arbitrary file writing without authentication. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Angeet ES3 KVM (affected versions not specified) **Description** The Angeet ES3 KVM does not properly sanitize user-supplied variables parsed by the `cfg.lua` script. This allows an authenticated attacker to execute OS-level commands. The issue involves improper input validation, specifically related to variables processed by the `cfg.lua` script. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.